Change well_known_admin_sid to well_known_admins_sid throughout.

        * sec_acl.cc (setacl): Never set DELETE permission. Set
        FILE_DELETE_CHILD only on readable and executable directories.
        * sec_helper.cc: Add constructor for `well_known_null_sid'.
        * security.cc (get_nt_attribute): Set S_ISVTX for directories if
        FILE_WRITE_DATA and FILE_EXECUTE but not FILE_DELETE_CHILD is set.
        Add evaluation of S_ISVTX, S_ISGID and S_ISUID from NULL ACE.
        (alloc_sd): Never set DELETE permission. Set FILE_DELETE_CHILD
        only on readable and executable directories.
        Add creation of NULL ACE for S_ISVTX, S_ISGID and S_ISUID permissions.
        * security.h: Add extern declaration for `well_known_null_sid'.

1 files changed, 3 insertions, 2 deletions

diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index cd5722f0c..6b9b7cc31 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -121,10 +121,11 @@ setacl (const char *file, int nentries, aclent_t *aclbufp)
       if (aclbufp[i].a_perm & S_IROTH)
 	allow |= FILE_GENERIC_READ;
       if (aclbufp[i].a_perm & S_IWOTH)
-	allow |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE
-		 | DELETE | FILE_DELETE_CHILD;
+	allow |= STANDARD_RIGHTS_ALL | FILE_GENERIC_WRITE;
       if (aclbufp[i].a_perm & S_IXOTH)
 	allow |= FILE_GENERIC_EXECUTE;
+      if ((aclbufp[i].a_perm & (S_IWOTH | S_IXOTH)) == (S_IWOTH | S_IXOTH))
+        allow |= FILE_DELETE_CHILD;
       /* Set inherit property. */
       DWORD inheritance = (aclbufp[i].a_type & ACL_DEFAULT)
 			  ? INHERIT_ONLY : DONT_INHERIT;