Insight into the set of rights

The set of rights can be broken into two subsets : where is the set of capabilities and is the set of permissions that can be given to a file, for each possible uid. Let be the set of available uids plus a special element that will mean that the uid check is not needed. Let be the set of capabilities seen in section . Let be the set of file accesses.

We can write
and
.
Thus an insight of could be the union of the two following tables
where each row is an element of .
Let's have a very reduced disk with three files: `/`, `/bin/`, `/bin/vi`,
and
(no uid test, id=root and first user).

| uid | capability |
|---|---|
| -1 | CAP_CHOWN |
| 0 | CAP_CHOWN |
| 1000 | CAP_CHOWN |
| -1 | CAP_DAC_OVERRIDE |
| 0 | CAP_DAC_OVERRIDE |
| 1000 | CAP_DAC_OVERRIDE |
| ... | ... |
| -1 | LIDS_OUTLAW |
| 0 | LIDS_OUTLAW |
| 1000 | LIDS_OUTLAW |

| uid | access | file |
|---|---|---|
| -1 | r | / |
| 0 | r | / |
| 1000 | r | / |
| -1 | a | / |
| 0 | a | / |
| 1000 | a | / |
| -1 | t | / |
| 0 | t | / |
| 1000 | t | / |
| -1 | x | / |
| 0 | x | / |
| 1000 | x | / |
| -1 | r | /bin/ |
| 0 | r | /bin/ |
| 1000 | r | /bin/ |
| ... | ... | ... |
| 1000 | x | /bin/vi |