Linux 只启用 DAC 的话,通常指的是 UGO 和 ACL 扩展
https://hu60.cn/q.php/bbs.topic.105330.html
ACCESS CHECK ALGORITHM
A process may request read, write, or execute/search access to a file object protected by an ACL. The access check algorithm determines
whether access to the object will be granted.
1. If the effective user ID of the process matches the user ID of the file object owner, then
if the ACL_USER_OBJ entry contains the requested permissions, access is granted,
else access is denied.
2. else if the effective user ID of the process matches the qualifier of any entry of type ACL_USER, then
if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted,
else access is denied.
3. else if the effective group ID or any of the supplementary group IDs of the process match the file group or the qualifier of any
entry of type ACL_GROUP, then
if the ACL contains an ACL_MASK entry, then
if the ACL_MASK entry and any of the matching ACL_GROUP_OBJ or ACL_GROUP entries contain the requested permissions, ac‐
cess is granted,
else access is denied.
else (note that there can be no ACL_GROUP entries without an ACL_MASK entry)
if the ACL_GROUP_OBJ entry contains the requested permissions, access is granted,
else access is denied.
4. else if the ACL_OTHER entry contains the requested permissions, access is granted.
5. else access is denied.