On 4 Oct 2007, Rob Shearman submitted the patch "server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions.", which calculated the owner permissions solely based on the grant/deny permissions for the owner's SID.
On 17 Oct 2007, in bug #10067, "Daniel" reported a bug about FAT32 support being broken in 0.9.47 (which included the above patch).
On 21 Oct 2007, Rob Shearman submitted the patch "server: Fix file_set_sd to handle NULL DACLs.", which added support for setting permissions from NULL ACLs.
On 21 Nov 2007, Rob Shearman submitted the patch "server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions.", which added the world permissions to the owner permissions.
On 10 Mar 2009, in bug #17672, Nathan Lineback reported a bug about wine incorrectly setting permissions when installing Oracle DB.
On 17 Mar 2009, in bug #17776, Richard Hendrikse reported a bug about FAT32 support being broken.
On 5 Aug 2009, in bug #19588, Ken Sharp reported that wine was setting the wrong permissions in some cases.
On 10 Nov 2009, in bug #20643, Marshall Davis reported that wine was removing owner permissions when World of Warcraft was giving only the users group permission to access the World of Warcraft directory.
On 17 Nov 2009, I posted an initial patch here to take the permissions of the groups the user is a member of when calculating the UNIX mode.
Rob Shearman replied:
While I agree that there is a problem that needs to be fixed, I'm not sure this is the right approach. I think you need to take a step back and consider the meanings of the different SIDs in a token by default and how they map wine running inside the Unix permissions model.
Later on 17 Nov 2009, I revised the patch to only look at the user's groups if the user was the owner of the file.
If permissions should be revoked from a user when (1) they are the owner of the file, (2) they are not a trustee in the file's security descriptor, and (3) they are removed from all groups in the file's security descriptor, then there needs to be some other way of storing the owner of the file and the security descriptor in the filesystem (such as POSIX ACLs), and the owner in the security descriptor cannot be the UNIX owner of the file, as the UNIX owner permissions cannot be overridden by POSIX ACLs.
In the meantime, the owner of the file cannot access the file when they are not a trustee in the security descriptor, even if token_access_check says they should be able to access the file.
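The difference between the two calculations described in this message can be shown with a simplified model. This is an added example, not part of the original message and not Wine's server code; it assumes SIDs are plain strings, access masks are reduced to r/w/x bits, and the names `owner_bits`, `sid_in` and the owner SID value are hypothetical or constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration, not Wine's server code: SIDs are plain
 * strings and an access mask is reduced to Unix-style r/w/x bits. */
enum { BIT_R = 4, BIT_W = 2, BIT_X = 1 };
struct ace { int allow; const char *sid; unsigned rights; };

static int sid_in(const char *sid, const char *const *sids, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(sid, sids[i]) == 0) return 1;
    return 0;
}

/* Owner rwx bits from an ordered DACL. With n_groups == 0 only ACEs naming
 * the owner SID count; otherwise ACEs for the owner's groups count as well.
 * An ACE only affects rights that an earlier ACE has not already decided. */
unsigned owner_bits(const struct ace *dacl, size_t n_aces, const char *owner,
                    const char *const *groups, size_t n_groups)
{
    unsigned allowed = 0, denied = 0;
    for (size_t i = 0; i < n_aces; i++) {
        const struct ace *a = &dacl[i];
        if (strcmp(a->sid, owner) != 0 && !sid_in(a->sid, groups, n_groups))
            continue;
        if (a->allow) allowed |= a->rights & ~denied;
        else          denied  |= a->rights & ~allowed;
    }
    return allowed;
}

/* Constructed sample data: a made-up owner SID and the well-known Users
 * (S-1-5-32-545) and Everyone (S-1-1-0) SIDs as the owner's groups. */
static const char OWNER[] = "S-1-5-21-0-0-0-1000";
static const char *const GROUPS[] = { "S-1-5-32-545", "S-1-1-0" };
static const struct ace USERS_ONLY[] = { { 1, "S-1-5-32-545", BIT_R | BIT_W | BIT_X } };
static const struct ace DENY_THEN_GROUP[] = {
    { 0, "S-1-5-21-0-0-0-1000", BIT_W }, { 1, "S-1-5-32-545", BIT_R | BIT_W | BIT_X } };

int main(void)
{
    printf("owner SID only: %o00\n", owner_bits(USERS_ONLY, 1, OWNER, NULL, 0));
    printf("owner + groups: %o00\n", owner_bits(USERS_ONLY, 1, OWNER, GROUPS, 2));
    printf("deny then group: %o00\n", owner_bits(DENY_THEN_GROUP, 2, OWNER, GROUPS, 2));
    return 0;
}
```

With a DACL that grants access only to the users group, as in bug #20643, the owner-SID-only calculation leaves the Unix owner with no permission bits, while counting the owner's groups keeps them.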