The
.BR CAP_FOWNER
capability is treated somewhat exceptionally:
-most of the checks that it governs can be bypassed so long as
-just the file's user ID has a mapping in the user namespace
.\" These are the checks performed by the kernel function
.\" inode_owner_or_capable(). There is one exception to the exception:
.\" overriding the directory sticky permission bit requires that
.\" the file has a valid mapping for both its UID and GID.
+it allows a process to bypass the corresponding rules so long as
+at least the file's user ID has a mapping in the user namespace
(i.e., the file's group ID does not need to have a valid mapping).
.\"
.\" ============================================================
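Review bot: The two added lines drop the "most of" qualifier, but the retained comment between the removed and added lines still records an exception: overriding the directory sticky permission bit requires valid mappings for both the file's UID and GID. As rendered, the page would now say CAP_FOWNER bypasses the rules whenever the UID is mapped, which is broader than what the comment says inode_owner_or_capable() enforces. Either keep the qualifier ("it allows a process to bypass most of the corresponding rules") or move the sticky-bit exception out of the comment into the visible text. Also, "the corresponding rules" has no antecedent in the visible paragraph; naming them, for example "the checks that it governs" as the removed text did, would let the sentence stand on its own.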