From 32860331914d2c5c6a42d6e4a32907a2ee6c1974 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos
Date: Mon, 6 Jun 2016 00:33:26 -0700
Subject: [PATCH] dll: POSIX interop: FspPosixMapPermissionsToSecurityDescriptor
---
 src/dll/posix.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/dll/posix.c b/src/dll/posix.c
index adad5f49..1c4c1d3c 100644
--- a/src/dll/posix.c
+++ b/src/dll/posix.c
@@ -364,7 +364,18 @@ FSP_API VOID FspDeleteSid(PSID Sid, NTSTATUS (*CreateFunc)())
 static inline ACCESS_MASK FspPosixMapPermissionToAccessMask(UINT32 Mode, UINT32 Perm)
 {
- /* if only directory bit is set out of directory/sticky bit then DeleteChild */
+ /*
+ * We use only the 0040000 (directory) and 0001000 (sticky) bits from Mode.
+ * If this is a directory and it does not have the sticky bit set (and the
+ * write permission is enabled) we add FILE_DELETE_CHILD access.
+ *
+ * When calling this function for computing the Owner access mask, we always
+ * pass Mode & ~0001000 to remove the sticky bit and thus add FILE_DELETE_CHILD
+ * access if it is a directory. For Group and World permissions we do not
+ * remove the sticky bit as we do not want FILE_DELETE_CHILD access in these
+ * cases.
+ */
+
 ACCESS_MASK DeleteChild = 0040000 == (Mode & 0041000) ? FILE_DELETE_CHILD : 0;
 return