Element mode bits in an ACL-enabled VOB

Elements in ACLs-enabled VOBs have both mode bits (Linux-style owner/group/other protections of r,w,x) and ACLs.

The mode bits are only used to determine execute permission. All other permissions come from the ACL.

For plain file elements, read access to their versions is determined by the controlling rolemap's effective ACL using the read-info permission. Execute permission comes from the user-position execute bit if the process is the owner of the element; otherwise it comes from the group-position execute bit. However, execute permission is only granted if the process also has read-info permission on the element.

For VOB directory elements, access is likewise governed by the controlling rolemap's effective ACL, with read-info permission granting the ability to list the directory's contents (equivalent to the r bit in Linux directory permissions), lookup-dir granting permission to look up a name in the directory (equivalent to the x bit in Linux directory permissions) and write-dir permission granting the ability to create or remove view-private files and directories.

For all elements, read-info permission is also required in order to see standard file system attributes of the selected element version (owner, group, size, mode bits, timestamps) through dynamic views. If the process does not have this permission, it can see the name in the directory listing but cannot display attributes, so the system ls command will show some incomplete output for such an element.