<def-group>
  <definition class="compliance" id="file_permissions%FILEID%" version="1">
    <metadata>
      <title>Verify %FILEPATH% Permissions</title>
      <affected family="unix">
        <platform>multi_platform_all</platform>
      </affected>
      <description>This test makes sure that %FILEPATH% is owned by %FILEUID%, group owned by %FILEGID%, and has mode %FILEMODE%. If
      the target file or directory has an extended ACL then it will fail the mode check.</description>
    </metadata>
    <criteria>
      <criterion test_ref="test%FILEID%" />
    </criteria>
  </definition>
  <unix:file_test check="all" check_existence="all_exist" comment="%FILEPATH% mode and ownership" id="test%FILEID%" version="1">
    <unix:object object_ref="object%FILEID%" />
    <unix:state state_ref="%FILEID%_state_uid_%FILEUID%" />
    <unix:state state_ref="%FILEID%_state_gid_%FILEGID%" />
    <unix:state state_ref="%FILEID%_state_mode_%FILEMODE%" />
  </unix:file_test>
  <unix:file_object comment="%FILEPATH%" id="object%FILEID%" version="1">
    <unix:path>%FILEDIR%</unix:path>
    %UNIX_FILENAME%
  </unix:file_object>
  <unix:file_state id="%FILEID%_state_uid_%FILEUID%" version="1">
    <unix:user_id datatype="int" operation="equals">%FILEUID%</unix:user_id>
  </unix:file_state>
  <unix:file_state id="%FILEID%_state_gid_%FILEGID%" version="1">
    <unix:group_id datatype="int" operation="equals">%FILEGID%</unix:group_id>
  </unix:file_state>
  <unix:file_state id="%FILEID%_state_mode_%FILEMODE%" version="1">
%STATEMODE%
</def-group>
