2.6. *Inheritance of RSBAC settings

[PBU] An important aspect of RSBAC is inheritance. Normally in UNIX the permissions of one file are independent from other files or directories. In RSBAC, they can depend on one of the directories leading to the file or directory. The default setting in RSBAC is to inherit the settings from the parent directory, which in turn can inherit settings from its parent directory, and so on, until the root directory (/) is reached. This mechanism is called inheritance.

The consequence is that changing the settings of a directory automatically changes the settings of files and directories below that directory. This provides an efficient way to administer the security of large numbers of files.

[* add an example of FF no_execute on /home, which prevents programs from being executed in users' directories]

[* also some text about when files do not inherit from their parent directory. I.e. by setting stuff explicitly. Perhaps also add that inheritance is on per-module basis, so setting FF stuff does not affect RC stuff and vice versa. Maybe I left out some special conditions which affect inheritance, which could be added too]