PreviousNext

The mask_obj Mask and ACL Checking

Before the ACL manager grants any permissions derived from checking the ACL entries, it filters the entry permissions through the mask_obj mask. Only those permissions named in the ACL entry and in the mask are granted. For example, if an ACL entry grants rwx permissions and the mask_obj entry specifies only r and w permission, only r and w are granted. The x permission named in the ACL entry is ignored.