Let's explain it with an example. We suppose we have /usr/bin that have some permissions, and that does not have any inheritance, and /usr/bin/httpd that have some other permissions and that inherit the permissions of /usr/sbin (see fig. ). The effective permissions for /usr/bin/httpd will be a merge of all permissions, as seen in fig. . We can notice that the permissions on /home/httpd/index.html are those inherited from /usr/bin and not those from /usr/bin/httpd for /home/httpd.
The permissisons also depends upon the real uid of the process. Each file or directory representing an equivalence class is tagged with an uid number or a default flag. When a process wants to access a file, LIDS will check for the presence of this file in his rules (the rules are thoses of the file and those inherited), tagged with the correct uid or the default flag. If both are found, the one tagged with the uid will be used. If none are found, the same check is done for the parent directory of the file, and so on until a rule is found. If no rules are found, the permission is refused.