You are on the right track to prevent a user from deleting ANOTHER user's FILE. You'll also want
Code:
DeleteOwn = /* !*
RemoveDir = /* !*
RemoveOwnDir = /* !*
if you really wanted to prevent anyone from deleting anything on the server except M flagged users which are immune to all rules...
Please also make sure that these rules are above any other rules as the first matching rule for a type of operation determines the permissions to apply.
Check out 'site help perms' which should enable you to see exactly what operations can be performed on any file/directory on the server as if you were another user. It's a great way to test things.
Remember to 'site rehash' after making changes to the .ini file so you can see the changes.
You might also want to consider a couple of other things. VFS rules like the ones above have their place, but you can also use 'site chmod' to control the +w flag on directories. This allows much finer control on a per-directory/file level without having to edit the .ini. A classic example might be to use the VFS rules to prohibit anyone from touching the /Archives folder and anything under it, but allow users to delete their own files elsewhere. For example, zipscripts might also allow you a way to -w a directory after it's been marked complete, but still allow users to delete a mistakenly uploaded file they sent in the wrong place.
NOTE: scripts are responsible for their own permissions. If you use nxTools to Wipe a directory it removes the files directly from the filesystem and the server doesn't get the chance to apply any permission checks. If you have 3rd party scripts involved make sure you limit access to the destructive operations.
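
Added example, not part of the original post and not the server's own code: a small Python model of the first-match behaviour described above, showing how putting a broad rule ahead of the /Archives rule silently disables it, plus a check that flags such unreachable rules before you rehash. The '/Archives/*' pattern, '*' as "allow everyone", default-deny when nothing matches, and the shell-style wildcard matching are assumptions of this model.

```python
from fnmatch import fnmatchcase

# Constructed rule sets in the post's "Operation = pattern permission" form.
# Assumptions: '/Archives/*' as a pattern and '*' meaning "allow everyone".
GOOD = """
Delete = /Archives/* !*
DeleteOwn = /Archives/* !*
DeleteOwn = /* *
Delete = /* !*
"""
SHADOWED = """
DeleteOwn = /* *
DeleteOwn = /Archives/* !*
Delete = /* !*
"""

def parse_rules(text):
    """Return (operation, pattern, permission) tuples in file order."""
    rules = []
    for line in text.splitlines():
        if "=" not in line:
            continue
        op, _, rest = line.partition("=")
        pattern, perm = rest.split()
        rules.append((op.strip(), pattern, perm))
    return rules

def allowed(rules, op, path, flags=""):
    """First rule matching this operation and path decides the outcome."""
    if "M" in flags:          # the post: M-flagged users are immune to all rules
        return True
    for rule_op, pattern, perm in rules:
        if rule_op == op and fnmatchcase(path, pattern):
            return perm != "!*"   # model: '!*' denies everyone
    return False                  # assumption: no matching rule means deny

def shadowed(rules):
    """Rules that can never fire because an earlier rule for the same
    operation already covers their pattern ('*'-only patterns)."""
    dead = []
    for i, (op, pattern, perm) in enumerate(rules):
        # An earlier '*'-only pattern that matches this pattern's text
        # matches every path this pattern could match.
        if any(o == op and fnmatchcase(pattern, p) for o, p, _ in rules[:i]):
            dead.append((op, pattern, perm))
    return dead
```

Running shadowed() over a rule list is a quick sanity check on ordering; 'site help perms' remains the way to confirm what the server actually does.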