* security.cc (alloc_sd): Don't apply temporary workaround for chmod

to DEF_USER_OBJ, DEF_GROUP_OBJ, and DEF_OTHER_OBJ ACEs.

winsup/cygwin/ChangeLog

@@ -1,3 +1,8 @@
+2015-02-25  Corinna Vinschen  <corinna@vinschen.de>
+
+	* security.cc (alloc_sd): Don't apply temporary workaround for chmod
+	to DEF_USER_OBJ, DEF_GROUP_OBJ, and DEF_OTHER_OBJ ACEs.
+
 2015-02-25  Corinna Vinschen  <corinna@vinschen.de>
 
 	* fhandler_tty.cc (fhandler_pty_slave::read): Having no input is not an

winsup/cygwin/security.cc

@@ -777,7 +777,11 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 	      ace->Header.AceFlags &= ~INHERITED_ACE;
 	    }
 	  else if (uid == ILLEGAL_UID && gid == ILLEGAL_UID
-		   && ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
+		   && ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE
+		   && ace_sid != well_known_creator_group_sid
+		   && ace_sid != well_known_creator_owner_sid
+		   && ace_sid != well_known_world_sid)
+	    {
 	      /* FIXME: Temporary workaround for the problem that chmod does
 		 not affect the group permissions if other users and groups
 		 in the ACL have more permissions than the primary group due
@@ -785,6 +789,7 @@ alloc_sd (path_conv &pc, uid_t uid, gid_t gid, int attribute,
 		 disallow any secondary ACE in the ACL more permissions than
 		 the primary group when writing a new ACL via chmod. */
 	      ace->Mask &= group_allow;
+	    }
 	  /* Add unrelated ACCESS_DENIED_ACE to the beginning but behind
 	     the owner_deny, ACCESS_ALLOWED_ACE to the end.  FIXME: this
 	     would break the order of the inherit-only ACEs. */