Copyright 2009 Swarthmore College. All rights reserved.
sharing files with ACLs
If you are working on a group project and would like to share code easily, one option is to use ACLs (another is to use Subversion). ACL stands for Access Control List. ACLs can be used to make the normal file permissions more specific. As with other Linux commands, the best information about ACLs can be found in the man page (man setfacl).
setting up acls
To set up ACLs, try our easyfacl.py script. This script will prompt you for:
- A space separated list of user names (include your own username in this list!). Don't worry if you get one wrong, the program will cycle until you fix it.
- The directory whose permissions you would like to change. You can enter a full path or a path relative to your current location. Again, the program will cycle if the directory you enter does not exist.
The script will then show you the commands it will enter. You can confirm, or opt to enter these commands yourself. They should look something like this:
setfacl -R -d -m user:uname1:rwx,user:uname2:rwx dir
setfacl -R -m user:uname1:rwx,user:uname2:rwx dir
- You should be one of the users listed so that you can have acl privileges if one of the other users creates files and folders in the acl directory.
- setfacl is the command used to change the acl information about a file or directory.
- -R means make the command recursive: all the existing files and directories inside the directory get the same acls.
- -d means make these acls the default. All new files and directories created within this one will have the same acls.
- -m means modify. This sets up the users (in our case, uname1 and uname2) with rwx permissions on the directory.
The setfacl man page explains all of these options, as well as others, should you desire to play around with setfacl.
After running easyfacl.py or setting acls manually with setfacl, use getfacl dirname to see the acls on a given file or directory.
Here's an example of the whole process, run as user jk:
BASIL[jk]$ mkdir project
BASIL[jk]$ easyfacl.py
Enter a space separated list of users: jk dhp mary
Enter a pathname (relative or full): project
These commands will be entered
setfacl -R -d -m user:jk:rwx,user:dhp:rwx,user:mary:rwx project
setfacl -R -m user:jk:rwx,user:dhp:rwx,user:mary:rwx project
Should I do this? (Y/n)y
acls are set up press Return>
BASIL[jk]$ getfacl project/
# file: project
# owner: jk
# group: users
user::rwx
user:jk:rwx
user:mary:rwx
user:dhp:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:jk:rwx
default:user:mary:rwx
default:user:dhp:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
BASIL[jk]$
ACLs are complicated, so here are a few things to keep in mind.
copying vs. new files
When you make a new file or directory, the default acl takes care of the acls for the new file or dir. If you're copying from some other directory, the default acls don't carry over. So you need:
setfacl -m user:u1:rwx,user:u2:rwx copied_file
Where the users listed are the people in your default acl info for the rest of your directory.
executable scripts
I am planning to write a script. I make a new file in the acl directory, and begin writing, but then notice that I do not have execute permissions on the file, and thus cannot use my executable script. I need:
- chmod +x scriptname
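The missing execute permission comes from the ACL mask: a named user's effective rights are the entry ANDed with the mask, and a newly created file usually gets a mask of rw-. The following added example (not part of the original page or of easyfacl.py) parses getfacl output and reports which users fall short of rwx; the sample output and the file name run.sh are constructed for illustration.

```python
# Constructed sample: getfacl output for a new file made inside the ACL
# directory. The default ACL was inherited, but the mask is only rw-.
SAMPLE = """\
# file: project/run.sh
# owner: jk
# group: users
user::rw-
user:jk:rwx\t#effective:rw-
user:mary:rwx\t#effective:rw-
user:dhp:rwx\t#effective:rw-
group::r-x\t#effective:r--
mask::rw-
other::r--
"""

def parse_getfacl(text):
    """Return {'access': {(tag, name): perms}, 'default': {...}}."""
    acl = {"access": {}, "default": {}}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective notes
        if not line:
            continue
        section = "access"
        if line.startswith("default:"):
            section, line = "default", line[len("default:"):]
        tag, name, perms = line.split(":")
        acl[section][(tag, name)] = perms
    return acl

def effective(perms, mask):
    """AND an entry's rwx string with the mask's rwx string."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def check_users(text, users, want="rwx", section="access"):
    """Map each user lacking `want` to their effective perms (None = no entry)."""
    entries = parse_getfacl(text)[section]
    mask = entries.get(("mask", ""), "rwx")
    problems = {}
    for user in users:
        perms = entries.get(("user", user))
        eff = effective(perms, mask) if perms else None
        if eff != want:
            problems[user] = eff
    return problems

if __name__ == "__main__":
    print(check_users(SAMPLE, ["jk", "mary", "dhp"]))
```

Once an ACL is present, chmod +x changes the mask through the group permission bits, which is why it restores execute for the named users.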
reaching the acldir
So you set up the acls, and your partner tries to cd to the directory where you will be doing your project. But the two of you see something like cd: Permission denied. And you thought acls were supposed to fix all of that. Your partner needs to be able to cd to the acl directory. This means that every directory leading to the acl directory must have, as permissions, at least 711.
removing acls
Your work is done, but you have decided, during the course of your project, that you hate your partner and no longer want the acl permissions active. Thankfully, it is simple to remove them. cd to above the original directory where you set the acls, and:
- setfacl -R -b acldir
- -R you've seen before; it means recursive.
- -b means delete all acls.