Simplicity is a form of art...

The weird "audit_access" permission
by Sven Vermeulen, post on Sun 19 May 2013

While writing up the posts on capabilities, one thing I had in my mind was to give some additional information on frequently occurring denials, such as the dac_override and dac_read_search capabilities, and when they are triggered. For the DAC-related capabilities, policy developers often notice that these capabilities are triggered without …