If you are working on a group project, and would like to share code, one option is to use ACLs. ACL stands for Access Control List. ACLs can be used to make the normal file permissions more specific.
To set up ACLs, try our
easyfacl.py script. This script will prompt you for:
The script will then show you the commands it will enter. You can confirm, or opt to enter these commands yourself. They should look something like this:
setfacl -R -d -m user:uname1:rwx,user:uname2:rwx dir setfacl -R -m user:uname1:rwx,user:uname2:rwx dir
You should be one of the users listed so that you have ACL privileges if one of the other users creates files and folders in the directory.
setfacl is the command used to change the ACL information about a file or directory.
-R means make the command recursive, or, use this command to give all the existing files/directories in the directory the same ACLs.
-d means make these ACLs the default. All new files and directories created within this one will have the same ACLs.
-m means modify. This sets up the users (in our case, user1 and user2) with rwx permissions on the directory.
easyfacl.py or setting ACLs manually with
getfacl dirname to see the ACLs on a given file or directory.
Here's an example of the whole process, run as user jk:
BASIL[jk]$ mkdir project BASIL[jk]$ easyfacl.py Enter a space separated list of users: jk dhp mary Enter a pathname (relative or full): project These commands will be entered setfacl -R -d -m user:jk:rwx,user:dhp:rwx,user:mary:rwx project setfacl -R -m user:jk:rwx,user:dhp:rwx,user:mary:rwx project Should I do this? (Y/n)y acls are set up press Return> BASIL[jk]$ getfacl project/ # file: project # owner: jk # group: users user::rwx user:jk:rwx user:mary:rwx user:dhp:rwx group::r-x mask::rwx other::r-x default:user::rwx default:user:jk:rwx default:user:mary:rwx default:user:dhp:rwx default:group::r-x default:mask::rwx default:other::r-x BASIL[jk]$
ACLs are complicated, so here are a few things to keep in mind.
copying vs. new files: When you make a new file or directory, the default ACL takes care of the ACLs for the new file or dir. If you're copying from some other directory, the default ACLs don't carry over. So you need:
setfacl -m user:u1:rwx,user:u2:rwx copied_file
Where the users listed are the people in your default ACL info for the rest of your directory.
executable scripts: I am planning to write a script. I make a new file in the ACL directory, and begin writing, but then notice that I do not have execute permissions on the file, and thus cannot use my executable script. I need:
chmod +x scriptname
The +x is important, because you want to add execute permissions. You don't want to say
chmod 700 because that will change existing ACLs on the file.
reaching the ACLdir: So you set up the ACLs, and your partner tries to
cd to the directory where you will be doing your project. But the two of you see something like cd: Permission denied. And you thought ACLs were supposed to fix all of that! Your partner needs to be able to cd to the ACL directory. This means that every directory leading to the ACL directory must have, as permissions, at least 711 (or 755).
removing ACLs: Your work is done, but you have decided, during the course of your project, that you hate your partner and no longer want the ACL permissions active. Thankfully, it is simple to remove them.
cd to above the original directory where you set the ACLs, and:
setfacl -R -b acldir
-R means recursive, the
-b means delete all acls.
Back to SwatCS Help Docs