bug#865: 23.0.60; The directory is unsafe today

[Eli Zaretskii]

> Date: Wed, 03 Sep 2008 01:16:05 +0800
> From: Jason Rumney <jasonr@gnu.org>
> Cc: emacs-pretest-bug@gnu.org
> 
> Lennart Borgman (gmail) wrote:
> >   drwxrwxrwx  1 Administrators Domain Users 0 03-07 11:14 server
> >
> > The part that where server-unsure-safe-dir barks is
> >
> >   (eql (nth 2 attrs) (user-uid))
> >
> > This check is maybe something that should be skipped on w32? As you can
> > see from the dired output above it will get "Domain Users" in my case.
> >   
> 
> I think it will get "Administrators" in fact

Yes, because `nth's argument counts from zero.

> Eli, is it possible to tell the difference between an individual user 
> and a group when we get the owner from the system?

If you mean to ask whether LookupAccountSid we use to get the owner or
group name by their SID can tell us if the name it returns is a group
rather than a user, then no, I don't think so, unfortunately.  AFAIK,
Windows doesn't really know that itself, it stores the user and group
names in the same place.  In particular, no user can have a SID that
is identical to a SID of some group.

However, Administrators and Everyone have universally fixed RID values
(544 and 0 respectively), so we could make special code for those two
values on Windows (the offending function already makes exceptions for
Windows anyway).

We can also list all the groups to which the user belongs, and check
if one of them is Administrators.

Btw, I think erroring out if what server-ensure-safe-dir wants to see
is not true is too draconian.  It may be better to ask, at least an an
optional behavior.