Directory Permissions Defaults

From SlackWiki
Revision as of 02:10, 3 June 2009 by Erik (talk | contribs) (Copy from old, had no category, placed in Tutorials)

Problem: Sharing Directories

My wife and I keep our pictures of our kids under a shared directory called /home/shared. We download them with Digikam and sometimes edit them to send out to relatives. The problem was this: if I download the pictures off the camera, then Megan can't edit them or read them. We also had problems with shared files (e.g., our accounting spreadsheets) that I would create and she would modify, or vice versa.

Solution: ACL

To set, in effect, a per-directory default for the permissions of newly created files, you can use ACLs (access control lists). The user commands you need to set up ACLs are getfacl(1) and setfacl(1).

Edit /etc/fstab

Edit the fourth field (the mount options) of the fstab entry for the partition you want to use ACLs on, adding "acl" to the list of options. In this case, it was /dev/sda6 on /home:

/dev/sda6  /home  ext3  defaults,acl  1  1

Without the "acl" option, setfacl fails with:

setfacl: /mnt/backup Operation not supported

Then remount the partition: since I was doing this on /home, I rebooted (mount -a did not work).

ACL Commands

getfacl(1) shows you the current ACL status of a file:

 
/media/multimedia: Zshell> getfacl /home
getfacl: Removing leading '/' from absolute path names
# file: home
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Once the partitions are properly set up (that was the easy part), enter the setfacl(1) commands:

sudo setfacl --recursive -dm g:users:rwx /home/shared

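--recursive was important so that each directory already present beneath /home/shared also gets the default ACL. The -d option sets default entries, which apply to files created afterwards; files that already exist keep their current permissions.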

Now getfacl(1) gives me this:

/media/multimedia: Zshell> getfacl /home/shared
getfacl: Removing leading '/' from absolute path names
# file: home/shared
# owner: joel
# group: users
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:users:rwx
default:mask::rwx
default:other::r-x

And when creating a file:

/media/multimedia: Zshell> cd /home/shared
/home/shared: Zshell> touch my_self
/home/shared: Zshell> ls -l my_self
-rw-rw-r--+ 1 joel users 0 2008-04-06 14:36 my_self

The desired outcome!

Note: this did what I wanted, but it's just a beginning. Read the setfacl(1) and getfacl(1) man pages for the full story.
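
Why touch produced -rw-rw-r-- although the default ACL grants rwx: a new file copies the directory's default ACL and then loses every permission the creating program did not ask for. The Python sketch below is an added example, not part of the original wiki page; its function names are hypothetical, and its input is the getfacl output for /home/shared shown above (header abridged).

```python
# Added example. SAMPLE is the getfacl output for /home/shared from this page (header abridged).
SAMPLE = """\
# file: home/shared
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:users:rwx
default:mask::rwx
default:other::r-x
"""
BASE = {("user", ""), ("group", ""), ("other", "")}

def bits(perm):  # 'rw-' -> 6
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def rwx(n):  # 6 -> 'rw-'
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def default_acl(getfacl_text):
    """Return {(tag, qualifier): bits} for the 'default:' entries only."""
    acl = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and "#effective:" notes
        if line.startswith("default:"):
            _, tag, qualifier, perm = line.split(":")
            acl[(tag, qualifier)] = bits(perm)
    return acl

def new_file_acl(default, create_mode=0o666):
    """Copy the default ACL, then AND owner, group class and other with the
    mode the creating program asked for (touch asks for 0666). The umask is
    not applied when the parent directory has a default ACL."""
    acl = dict(default)
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (group_class, 3), (("other", ""), 0)):
        acl[key] &= (create_mode >> shift) & 7
    return acl

def ls_mode(acl):
    """Mode string as ls -l prints it; '+' marks entries beyond the base three."""
    group_class = acl.get(("mask", ""), acl[("group", "")])
    plus = "+" if set(acl) - BASE else ""
    return "-" + rwx(acl[("user", "")]) + rwx(group_class) + rwx(acl[("other", "")]) + plus

def effective(acl, tag, qualifier):
    """Rights a named user/group entry really grants: the entry ANDed with the mask."""
    return rwx(acl[(tag, qualifier)] & acl.get(("mask", ""), 7))
```

Calling ls_mode(new_file_acl(default_acl(SAMPLE))) reproduces the -rw-rw-r--+ listing above. With create_mode=0o600, as used by programs that create private files, the mask drops to --- and the users group gets no access despite the default ACL.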

Official Package Data

PACKAGE NAME:     acl-2.2.39_1-i486-2
COMPRESSED PACKAGE SIZE:     139 K
UNCOMPRESSED PACKAGE SIZE:     350 K
PACKAGE LOCATION: ./acl-2.2.39_1-i486-2.tgz
PACKAGE DESCRIPTION:
acl: acl (tools for using POSIX Access Control Lists)
acl:
acl: This package contains a set of tools and libraries for manipulating
acl: POSIX Access Control Lists.  POSIX Access Control Lists (defined in
acl: POSIX 1003.1e draft standard 17) are used to define more fine-grained
acl: discretionary access rights for files and directories.
acl:
acl:
acl:
acl:
acl:

in slackware/a[1] Trashbird1240 14:49, 6 April 2008 (EDT)