$ mkdir d
$ cd d

$ whoami
> root

$ id -Gn daemon
> daemon bin

$ touch a

Chown and chgrp with no take ownership permission fails:
	$ su daemon
	$ chown daemon a
	> chown: changing ownership of `a': Operation not permitted
	$ chgrp daemon a
	> chgrp: changing group of `a': Operation not permitted
	$ nfs4acl --set 'daemon:rwo::allow' a
	> a: Operation not permitted

Add the take_ownership permission. This is reflected in the file masks; the
file mode cannot show this though:
	$ su
	$ nfs4acl --set 'daemon:rwo::allow' a

Chown and chgrp to an arbitrary other user or group fails:
	$ su daemon
	$ chown root a
	> chown: changing ownership of `a': Operation not permitted
	$ chgrp root a
	> chgrp: changing group of `a': Operation not permitted

Changing the mode makes that an upper bound of the permissions granted, even
when the file mode stays the same:
	$ su
	$ ls -l a | cut -d ' ' -f1
	> -rw-rw----
	$ chmod 660 a

Chown and chgrp to the same user or a group the process is in now fails
because the masks now do not grant change_ownership access:
	$ su daemon
	$ chown daemon a
	> chown: changing ownership of `a': Operation not permitted
	$ chgrp daemon a
	> chgrp: changing group of `a': Operation not permitted
	$ chgrp bin a
	> chgrp: changing group of `a': Operation not permitted

Add back change_ownership:
	$ su
	$ nfs4acl --set 'daemon:rwo::allow' a

Now, chgrp to one of the groups the process is in and chown to the same user
succeeds:
	$ su daemon
	$ chgrp daemon a
	$ chgrp bin a
	$ chown daemon a

$ su
$ cd ..
$ rm -rf d