:: IRC :.

Join us on freenode.net channel #utah, the IRC channel for all LUGs in Utah. View channel stats.

:: Navigation :.

:: User login :.

:: Who's online :.

There are currently 0 users and 1 guest online.

:: Who's new :.

:: Recent comments :.

The local office in Provo
4 weeks 2 days ago
Hello All, I am a
9 weeks 1 day ago
Linux Kernel Software
9 weeks 1 day ago
Linux Kernel Software
9 weeks 1 day ago
Linux Kernel Software
9 weeks 1 day ago

:: Browse archives :.

:: Poll :.

:: Syndicate :.

sontek

Use a pencil, lets not build another space pen.

URL: http://blog.sontek.net

Updated: 24 min 40 sec ago

Firefox Plugin for Tomboy

Mon, 2008-07-21 17:39 -

A great new Firefox plugin has been created that allows you to create new Tomboy notes from selected text in Firefox, check it out here.

Advanced file permissions in Linux

Fri, 2008-07-04 15:06 -

A lot of Linux/openSUSE users aren’t aware that there are more to file system permissions than the obvious Owner, Group, Other / Read, Write, Execute setup.

All major Linux file systems (ext3, reiserfs, etc) support access control lists (ACL) and its very easy to use them.

To see if a file or directory has an ACL set on it, you can use ls:

inspidell:~ # ls -ld /home/sontek

You’ll get output similar to this:

drwxr-xr-x+ 55 sontek users 4096 Jul 4 13:42 /home/sontek

The + at the end of the permissions means that we are using extended permissions (ACL’s). To get the list of ACL’s on the file/directory, run the getfacl <file> command.

inspidell:~ # getfacl /home/sontek
getfacl: Removing leading '/' from absolute path names
# file: home/sontek
# owner: sontek
# group: users
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group:users:---
default:mask::r-x
default:other::r-x

This shows both the ACL’s and the basic Linux permissions.

To modify or set ACL’s you use the setfacl command. Here are a few examples of how to use it:

Grant a single user read access to a directory in your home directory.
setfacl -m u:mom:r /home/sontek/photos

Remove all access from a group on a file
setfacl -x g:developers payroll.xml

You can also copy a set of permissions from one file to another
getfacl file1 | setfacl --set-file=- file2

Remove all ACL’s
setfacl -k /home/sontek

For those of you who are not console jockey’s, you’ll realize quickly that the default nautilus setup doesn’t have a way to view, modify, or add any ACL’s, to get this support you’ll need to install two packages, with opensuse you do this with zypper:

inspidell:~ # zypper in eiciel nautilus-eiciel

Before the ACL permissions show up in nautilus, you’ll have to restart it:

inspidell:~ # pkill nautilus

After this, you’ll be greeted with a very easy to use dialog for modifying ACL’s:

another great nautilus permissions tip I learned from Christer Edwards is to enable advanced permissions in nautilus, this is a much better UI for managing permissions and should probably be the default.

gconftool-2 --type bool --set /apps/nautilus/preferences/show_advanced_permissions True

A screenshot of this in action:

I hope this helps you better secure and manage your computer with the more advanced features your Linux file systems both from console and inside GNOME.

Provo Linux Users Group, Utah, USA