diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 9206aabba..e9ea1adb8 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-02-27  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (getacl): Add mask even if all group and secondary account
+	permissions are 0.
+
 2015-02-27  Corinna Vinschen  <corinna@vinschen.de>
 
 	* uinfo.cc (pwdgrp::fetch_account_from_windows): Drop redundant test
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index fb3f8c3c9..e5019cb35 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -423,6 +423,7 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
 
   int pos, i, types_def = 0;
   int pgrp_pos = 1, def_pgrp_pos = -1;
+  bool has_class_perm = false, has_def_class_perm = false;
   mode_t class_perm = 0, def_class_perm = 0;
 
   if (!acl_exists || !acl)
@@ -485,7 +486,10 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
 		  getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
 		  /* Fix up CLASS_OBJ value. */
 		  if (type == USER || type == GROUP)
-		    class_perm |= lacl[pos].a_perm;
+		    {
+		      has_class_perm = true;
+		      class_perm |= lacl[pos].a_perm;
+		    }
 		}
 	    }
 	  if ((ace->Header.AceFlags
@@ -503,7 +507,10 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
 		  getace (lacl[pos], type, id, ace->Mask, ace->Header.AceType);
 		  /* Fix up DEF_CLASS_OBJ value. */
 		  if (type == DEF_USER || type == DEF_GROUP)
-		    def_class_perm |= lacl[pos].a_perm;
+		    {
+		      has_def_class_perm = true;
+		      def_class_perm |= lacl[pos].a_perm;
+		    }
 		  /* And note the position of the DEF_GROUP_OBJ entry. */
 		  else if (type == DEF_GROUP_OBJ)
 		    def_pgrp_pos = pos;
@@ -514,7 +521,7 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
 	 CLASS_OBJ entry. The CLASS_OBJ permissions are the or'ed permissions
 	 of the primary group permissions and all secondary user and group
 	 permissions. */
-      if (class_perm && (pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) >= 0)
+      if (has_class_perm && (pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) >= 0)
 	{
 	  lacl[pos].a_type = CLASS_OBJ;
 	  lacl[pos].a_id = ILLEGAL_GID;
@@ -552,7 +559,8 @@ getacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp)
 	 fake a matching DEF_CLASS_OBJ entry. The DEF_CLASS_OBJ permissions are
 	 the or'ed permissions of the primary group default permissions and all
 	 secondary user and group default permissions. */
-      if (def_class_perm && (pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) >= 0)
+      if (has_def_class_perm
+	  && (pos = searchace (lacl, MAX_ACL_ENTRIES, 0)) >= 0)
 	{
 	  lacl[pos].a_type = DEF_CLASS_OBJ;
 	  lacl[pos].a_id = ILLEGAL_GID;