Granting webservd permission to read from a single file (mode 640) on a directory owned by bob. Note that according to the initial setup, by "other" permission bit, webservd would be able to read any file.
bob@box-01:~/dir1 $ echo Hello > file2
bob@box-01:~/dir1 $ chmod 640 file2
bob@box-01:~/dir1 $ ll
total 1
-rw-r----- 1 bob staff 6 Jun 20 09:35 file2
webservd@box-01:/home/bob/dir1 $ cat file2
cat: cannot open file2: Permission denied
bob@box-01:~/dir1 $ chmod A+user:webservd:raRcs:allow file2
bob@box-01:~/dir1 $ ll -dV file2
-rw-r-----+ 1 bob staff 6 Jun 20 09:35 file2
user:webservd:r-----a-R-c--s:-------:allow
owner@:rw-p--aARWcCos:-------:allow
group@:r-----a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
webservd@box-01:/home/bob/dir1 $ cat file2
Hello
webservd@box-01:/home/bob/dir1 $ rm file2
rm: file2: override protection 640 (yes/no)? y
rm: file2 not removed: Permission denied
