Comments on: Back to Basics: Unix File Permissions http://www.longitudetech.com/linux-unix/back-to-basics-unix-file-permissions/ Thinking, doing, and learning about sysadmin/devops issues. Tue, 20 Sep 2011 23:05:24 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Hamburg Escort http://www.longitudetech.com/linux-unix/back-to-basics-unix-file-permissions/comment-page-1/#comment-92 Hamburg Escort Sat, 06 Mar 2010 18:53:05 +0000 http://www.longitudetech.com/blog/?p=32#comment-92 You're absolutely right! You’re absolutely
right!

]]> By: charlie http://www.longitudetech.com/linux-unix/back-to-basics-unix-file-permissions/comment-page-1/#comment-27 charlie Fri, 19 Feb 2010 20:40:02 +0000 http://www.longitudetech.com/blog/?p=32#comment-27 Hi Charlie, Yes, I love Twitter; and you're certainly right about the nitpicky corrections, thanks :) Extended ACLs are extended attributes (permissions) that can be applied to most POSIX file systems. NFSv4 ACLs are a whole different beast, and the two don't always jive. Say you have an NFS server running Solaris and files with extended ACLs. Linux will not see those at all. NFSv4 server to NFSv4 client (if they are all Linux) works, but that's the extent last I checked. Real world: say I want to give a friend/coworker access to a file. I either open it up to the world or must be in the same group as him. With setfacl, you can just grant him read access to that file or directory. Also, default ACLs are super handy. Instead of hoping collaborators understand umask, you can enforce a mask that ensures files written to a shared directory are group-writable. I wrote an article about group collaboration (but focused on Samba), here: http://www.linuxplanet.com/linuxplanet/tutorials/6844/1/ In Linux/Solaris, see: setfacl(1), getfacl(1) (if Ubuntu, you must have the 'acl' package installed) Sorry, I don't know anything about VMS. Hi Charlie,

Yes, I love Twitter; and you’re certainly right about the nitpicky corrections, thanks :)

Extended ACLs are extended attributes (permissions) that can be applied to most POSIX file systems. NFSv4 ACLs are a whole different beast, and the two don’t always jive. Say you have an NFS server running Solaris and files with extended ACLs. Linux will not see those at all. NFSv4 server to NFSv4 client (if they are all Linux) works, but that’s the extent last I checked.

Real world: say I want to give a friend/coworker access to a file. I either open it up to the world or must be in the same group as him. With setfacl, you can just grant him read access to that file or directory. Also, default ACLs are super handy. Instead of hoping collaborators understand umask, you can enforce a mask that ensures files written to a shared directory are group-writable. I wrote an article about group collaboration (but focused on Samba), here:
http://www.linuxplanet.com/linuxplanet/tutorials/6844/1/

In Linux/Solaris, see: setfacl(1), getfacl(1)
(if Ubuntu, you must have the ‘acl’ package installed)

Sorry, I don’t know anything about VMS.

]]> By: Charlie http://www.longitudetech.com/linux-unix/back-to-basics-unix-file-permissions/comment-page-1/#comment-26 Charlie Fri, 19 Feb 2010 20:11:04 +0000 http://www.longitudetech.com/blog/?p=32#comment-26 Thanks for the follow on Twitter. See how it drives traffic to your blog? And while we're being all nitpicky here, it's "octal" not "decimal" and "mnemonic" not "pneumonic." The stuff about 4000/2000/1000 bits was enlightening. I admit that I've limited my application of permissions to the 777 discussed in the first half of this article. The sentence "Often the extended attributes aren’t necessary, and ACLs likely won’t work over NFS if you’re using Linux" raised a few questions in my head, to wit: 1) What are some useful use cases and real-world purposes for the extended attributes? 2) What's an ACL? 2a) Are they similar/different to the Access Control List concept in OpenVMS? 2b) While we're on VMS, why is there no "D"elete bit in the Unix permissions and what's the use of it in OpenVMS when a user with "W"rite can simply truncate a file, effectively erasing it? 3) What (typically) goes wrong with ACLs via nfs? That said, I tend to run Linux on personal machines, in developer environments where everybody on the box has sudoer access, or where files are all buried beneath a tangled web of network application software, so it might as well be like DOS permissions for all the practical good it does me. Thanks for the follow on Twitter. See how it drives traffic to your blog?

And while we’re being all nitpicky here, it’s “octal” not “decimal” and “mnemonic” not “pneumonic.”

The stuff about 4000/2000/1000 bits was enlightening. I admit that I’ve limited my application of permissions to the 777 discussed in the first half of this article.

The sentence “Often the extended attributes aren’t necessary, and ACLs likely won’t work over NFS if you’re using Linux” raised a few questions in my head, to wit: 1) What are some useful use cases and real-world purposes for the extended attributes? 2) What’s an ACL? 2a) Are they similar/different to the Access Control List concept in OpenVMS? 2b) While we’re on VMS, why is there no “D”elete bit in the Unix permissions and what’s the use of it in OpenVMS when a user with “W”rite can simply truncate a file, effectively erasing it? 3) What (typically) goes wrong with ACLs via nfs?

That said, I tend to run Linux on personal machines, in developer environments where everybody on the box has sudoer access, or where files are all buried beneath a tangled web of network application software, so it might as well be like DOS permissions for all the practical good it does me.

]]> By: charlie http://www.longitudetech.com/linux-unix/back-to-basics-unix-file-permissions/comment-page-1/#comment-19 charlie Thu, 18 Feb 2010 04:26:45 +0000 http://www.longitudetech.com/blog/?p=32#comment-19 Just checking to see if people were paying attention! Ok, it was a typo - thanks! (fixed) Just checking to see if people were paying attention! Ok, it was a typo – thanks! (fixed)

]]> By: John http://www.longitudetech.com/linux-unix/back-to-basics-unix-file-permissions/comment-page-1/#comment-18 John Thu, 18 Feb 2010 03:00:39 +0000 http://www.longitudetech.com/blog/?p=32#comment-18 The chart you give shows binary 3 as 110 and, as I am sure you know, it should be 011. That being said, I now have a clear understanding of file permissions. Thank you. The chart you give shows binary 3 as 110 and, as I am sure you know, it should be 011. That being said, I now have a clear understanding of file permissions. Thank you.

]]>