First page Back Continue Last page Overview Graphics
POSIX ACL Evaluation
Order of evaluation is not dependent on the ordering of entries in the ACL.
- Try matching the effective uid in the process token with the owner uid entry, followed by any uid in the ACL (after the mask is ANDed into the granted permissions for extra uids). If a match is found and the requested access is listed, return success.
- Try matching the effective group followed by any supplemental groups against any group in the ACL. If a match contains the requested access (ANDed with the mask), return success.
- Note that these permission checks are not cumulative.
- Finally (if no match) use the permissions granted to 'other'.