--- nttrans.c.orig	2009-11-05 19:11:59.000000000 -0800
+++ nttrans.c	2009-11-05 19:57:28.000000000 -0800
@@ -764,6 +764,11 @@
 		return NT_STATUS_OK;
 	}
 
+	/* Bug 6874 - if the DAC bit is not set, fail request. */
+	if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -786,7 +791,13 @@
 		NDR_PRINT_DEBUG(security_descriptor, psd);
 	}
 
+	/* Bug 6874 - Need to be root so that a user can set acls on
+	 * a file he/she does not own but has access rights to allow the 
+	 * operation.
+	 */
+	become_root();
 	status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd);
+	unbecome_root();
 
 	TALLOC_FREE(psd);