of the directories they reside in. If multiple files
specify the same path, the entry in the file with the
lexicographically earliest name will be applied, all
- all other conflicting entries logged as errors.</para>
+ all other conflicting entries will be logged as
+ errors. When two lines are prefix and suffix of each
+ other, then the prefix is always processed first, the
+ suffix later. Otherwise the files/directories are
+ processed in the order they are listed.</para>
<para>If the administrator wants to disable a
configuration file supplied by the vendor, the
<varlistentry>
<term><varname>L</varname></term>
- <listitem><para>Create a symlink if it does not exist yet.</para></listitem>
+ <term><varname>L+</varname></term>
+ <listitem><para>Create a
+ symlink if it does not exist
+ yet. If suffixed with
+ <varname>+</varname> and a
+ file already exists where the
+ symlink is to be created it
+ will be removed and be
+ replaced by the
+ symlink.</para></listitem>
</varlistentry>
<varlistentry>
ignored for <varname>x</varname>,
<varname>r</varname>, <varname>R</varname>,
<varname>L</varname> lines.</para>
+
+ <para>Optionally, if prefixed with
+ <literal>~</literal> the access mode is masked
+ based on the already set access bits for
+ existing file or directories: if the existing
+ file has all executable bits unset then all
+ executable bits are removed from the new
+ access mode, too. Similar, if all read bits
+ are removed from the old access mode they will
+ be removed from the new access mode too, and
+ if all write bits are removed, they will be
+ removed from the new access mode too. In
+ addition the sticky/suid/gid bit is removed unless
+ applied to a directory. This
+ functionality is particularly useful in
+ conjunction with <varname>Z</varname>.</para>
</refsect2>
<refsect2>