On Thu, Apr 2, 2015 at 4:54 PM, Piotr Caban piotr@codeweavers.com wrote:
... the patch restores old SetSecurityInfo behavior. It also works around a crash in current implementation when NULL DACL is passed. It's as close to native behavior as it currently can be. Setting NULL DACL means: allow every permission on windows. Your test shows that we should get NULL while asking about DACL but there's no way of correctly supporting it in wine currently (and I'm not sure if it can be cleanly supported in future, as far as I can see nor POSIX ACL, nor NFSv4 ACL supports anything like this). ...
This is one of the reasons why in our implementation we stored the security descriptor in an extended filesystem attribute. Samba encountered the same problems with a lot of the win ACLs, they found that for some things the only way to provide full support is to store a perfect copy of the security descriptor. Doing so works around a lot of these issues where there's no equivalent Unix permission.
Best, Erich