It is however not possible to select this in the ACL webfrontend. I only have the selection between '*' and 'master'
It is possible. The second paragraph of the ACL plugin explains it:
The page displays all permissions that are significant for the current page. Permissions regarding other pages are not shown – to edit them browse to the according page first, then change to the ACL Administration.
(Btw, there is a new acl plugin in the making which will make this (and other things) much more comfortable.)
ach wroteAnd you need also to exclude all those unwanted users/groups (again) which you granted permission before:
Where did I give the permission?
'@ALL 0' is applied to '*' ??
Yes, but @diplom has read/write/create/upload permissions for '*', therefore @diplom has also read/write/create/upload permissions for 'master:*' ...
With my line
I just wanted it to be as short as possible. To make it more understandable you could exchange it with:
master:* @user 0
master:* @diplom 0