July 4, 2008

John Anderson
sontek ( John M. Anderson )
» Advanced file permissions in Linux

A lot of Linux/openSUSE users aren’t aware that there is more to file system permissions than the obvious Owner, Group, Other / Read, Write, Execute setup.

All major Linux file systems (ext3, reiserfs, etc.) support access control lists (ACLs), and it’s very easy to use them.

To see if a file or directory has an ACL set on it, you can use ls:

inspidell:~ # ls -ld /home/sontek

You’ll get output similar to this:

drwxr-xr-x+ 55 sontek users 4096 Jul  4 13:42 /home/sontek

The + at the end of the permissions means that we are using extended permissions (ACLs). To get the list of ACLs on the file/directory, run the getfacl <file> command.

inspidell:~ # getfacl /home/sontek
getfacl: Removing leading '/' from absolute path names
# file: home/sontek
# owner: sontek
# group: users
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group:users:---
default:mask::r-x
default:other::r-x

This shows both the ACLs and the basic Linux permissions.

To modify or set ACLs you use the setfacl command. Here are a few examples of how to use it:

Grant a single user read access to a directory in your home directory.
setfacl -m u:mom:r /home/sontek/photos

Remove a group’s ACL entry from a file (members of that group are then subject to the remaining entries, such as other)
setfacl -x g:developers payroll.xml

You can also copy a set of permissions from one file to another
getfacl file1 | setfacl --set-file=- file2

Remove all ACLs (-b removes every extended entry; use -k instead to remove only the default ACL)
setfacl -b /home/sontek
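
As an added example (not from the original post), the shell function below reads getfacl output and prints, for each named user, named group and the owning group, the granted permissions next to the effective ones once the mask is applied. The sample listing, including the mom and developers entries on photos, is constructed for illustration.

```shell
#!/bin/sh
# Added example: list granted vs. effective rights from getfacl output.
# POSIX ACL rule: the mask caps named users, named groups and the owning
# group; it does not apply to the owner (user::) or to other.
acl_effective() {
    awk '
    function cap(p, m,   i, out) {   # keep a right only if the mask has it
        out = ""
        for (i = 1; i <= 3; i++)
            out = out (substr(m, i, 1) == "-" ? "-" : substr(p, i, 1))
        return out
    }
    function emit(   i, eff) {       # print buffered entries for one file
        for (i = 1; i <= n; i++) {
            eff = (mask == "") ? perm[i] : cap(perm[i], mask)
            print file "\t" name[i] "\t" perm[i] "\t" eff
        }
        n = 0; mask = ""
    }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^$/ { next }   # access ACL only
    {
        sub(/[ \t]*#.*$/, "")        # drop "#effective:" annotations
        split($0, f, ":")            # type:qualifier:perms
        if (f[1] == "mask") { mask = f[3]; next }
        if (f[1] == "other" || (f[1] == "user" && f[2] == "")) next
        n++; name[n] = f[1] ":" f[2]; perm[n] = f[3]
    }
    END { emit() }'
}

# Constructed sample in getfacl format (not output from the original post).
sample_acl() {
    cat <<'EOF'
# file: home/sontek/photos
# owner: sontek
# group: users
user::rwx
user:mom:rwx                  #effective:r-x
group::r-x
group:developers:rw-          #effective:r--
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:other::---
EOF
}

# Columns: file, entry, granted, effective
sample_acl | acl_effective
```

On a real system, feed it live data with `getfacl -R /home/sontek 2>/dev/null | acl_effective`.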

For those of you who are not console jockeys, you’ll quickly notice that the default Nautilus setup has no way to view, modify, or add ACLs. To get this support you’ll need to install two packages; on openSUSE you do this with zypper:

inspidell:~ # zypper in eiciel nautilus-eiciel

Before the ACL permissions show up in Nautilus, you’ll have to restart it:

inspidell:~ # pkill nautilus

After this, you’ll be greeted with a very easy to use dialog for modifying ACLs:
Screenshot of FACL permissions

Another great Nautilus permissions tip I learned from Christer Edwards is to enable advanced permissions in Nautilus. This is a much better UI for managing permissions and should probably be the default.

gconftool-2 --type bool --set /apps/nautilus/preferences/show_advanced_permissions True

A screenshot of this in action:

Screenshot of nautilus advanced permissions

I hope this helps you better secure and manage your computer with the more advanced features of your Linux file systems, both from the console and inside GNOME.

June 10, 2008
» Enable The Nautilus Advanced Permissions Dialog In Ubuntu 8.04

Recently you may have seen this topic on Tombuntu’s blog, but if you missed it, here is an outline of how to enable the advanced permissions dialog in the Nautilus file manager.

Activating the Advanced Permissions Dialog in Nautilus

Activating (or deactivating) the advanced permissions dialog can be done by way of a single command. To activate the dialog use the command:

gconftool-2 --type bool --set /apps/nautilus/preferences/show_advanced_permissions True

To deactivate the dialog and revert to the default settings, use the command:

gconftool-2 --type bool --set /apps/nautilus/preferences/show_advanced_permissions False

Do you prefer one over the other?  The more advanced dialog reminds me of old permission dialogs in FTP clients I remember.  I think I may prefer it, but I haven’t used it long enough to decide.
