* fhandler.cc (fhandler_base::open): Don't open file with WRITE_DAC

access on remote filesystem.  Explain why.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Ditto for
	directories.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for sockets.
	* path.cc (symlink_worker): Ditto for symlinks.

winsup/cygwin/ChangeLog

@@ -1,3 +1,12 @@
+2011-07-05  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler.cc (fhandler_base::open): Don't open file with WRITE_DAC
+	access on remote filesystem.  Explain why.
+	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Ditto for
+	directories.
+	* fhandler_socket.cc (fhandler_socket::bind): Ditto for sockets.
+	* path.cc (symlink_worker): Ditto for symlinks.
+
 2011-07-04  Christopher Faylor  <me.cygwin2011@cgf.cx>
 
 	* environ.cc (tty_is_gone): Wrap warning at 80 characters.

winsup/cygwin/fhandler.cc

@@ -613,11 +613,16 @@ fhandler_base::open (int flags, mode_t mode)
 	    /* If mode has no write bits set, and ACLs are not used, we set
 	       the DOS R/O attribute. */
 	    file_attributes |= FILE_ATTRIBUTE_READONLY;
-	  else if (!exists () && has_acls ())
+	  else if (!exists () && has_acls () && !isremote ())
 	    /* If we are about to create the file and the filesystem supports
 	       ACLs, we will overwrite the DACL after the call to NtCreateFile.
 	       This requires a handle with additional WRITE_DAC access,
-	       otherwise set_file_sd has to open the file again. */
+	       otherwise set_file_sd has to open the file again.
+	       FIXME: On remote NTFS shares open sometimes fails because even
+	       the creator of the file doesn't have the right to change the
+	       DACL.  I don't know what setting that is or howq to recognize
+	       such a share, so for now we don't request WRITE_DAC on remote
+	       drives. */
 	    access |= WRITE_DAC;
 
 	  /* The file attributes are needed for later use in, e.g. fchmod. */

winsup/cygwin/fhandler_disk_file.cc

@@ -1653,11 +1653,15 @@ fhandler_disk_file::mkdir (mode_t mode)
       nfs_attr->type = NF3DIR;
       nfs_attr->mode = (mode & 07777) & ~cygheap->umask;
     }
-  else if (has_acls ())
+  else if (has_acls () && !isremote ())
     /* If the filesystem supports ACLs, we will overwrite the DACL after the
        call to NtCreateFile.  This requires a handle with READ_CONTROL and
        WRITE_DAC access, otherwise get_file_sd and set_file_sd both have to
-       open the file again. */
+       open the file again.
+       FIXME: On remote NTFS shares open sometimes fails because even the
+       creator of the file doesn't have the right to change the DACL.
+       I don't know what setting that is or howq to recognize such a share,
+       so for now we don't request WRITE_DAC on remote drives. */
     access |= READ_CONTROL | WRITE_DAC;
   status = NtCreateFile (&dir, access, pc.get_object_attr (attr, sa), &io, NULL,
 			 FILE_ATTRIBUTE_DIRECTORY, FILE_SHARE_VALID_FLAGS,

winsup/cygwin/fhandler_socket.cc

@@ -970,8 +970,12 @@ fhandler_socket::bind (const struct sockaddr *name, int namelen)
       /* If the filesystem supports ACLs, we will overwrite the DACL after the
 	 call to NtCreateFile.  This requires a handle with READ_CONTROL and
 	 WRITE_DAC access, otherwise get_file_sd and set_file_sd both have to
-	 open the file again. */
+	 open the file again.
-      if (pc.has_acls ())
+	 FIXME: On remote NTFS shares open sometimes fails because even the
+	 creator of the file doesn't have the right to change the DACL.
+	 I don't know what setting that is or howq to recognize such a share,
+	 so for now we don't request WRITE_DAC on remote drives. */
+      if (pc.has_acls () && !pc.isremote ())
 	access |= READ_CONTROL | WRITE_DAC;
 
       status = NtCreateFile (&fh, access, pc.get_object_attr (attr, sa), &io,

winsup/cygwin/path.cc

@@ -1673,11 +1673,15 @@ symlink_worker (const char *oldpath, const char *newpath, bool use_winsym,
 	  goto done;
 	}
     }
-  else if (!isdevice && win32_newpath.has_acls ())
+  else if (!isdevice && win32_newpath.has_acls () && !win32_newpath.isremote ())
     /* If the filesystem supports ACLs, we will overwrite the DACL after the
        call to NtCreateFile.  This requires a handle with READ_CONTROL and
        WRITE_DAC access, otherwise get_file_sd and set_file_sd both have to
-       open the file again. */
+       open the file again.
+       FIXME: On remote NTFS shares open sometimes fails because even the
+       creator of the file doesn't have the right to change the DACL.
+       I don't know what setting that is or howq to recognize such a share,
+       so for now we don't request WRITE_DAC on remote drives. */
     access |= READ_CONTROL | WRITE_DAC;
 
   status = NtCreateFile (&fh, access, win32_newpath.get_object_attr (attr, sa),