GUI for advanced file access management (ACL)?

I have been using this thing below on Windows to set file/directory permissions. It has things like inheritance and all. It seems the Linux equivalent thing is “ACL”. But I want to use GUI. I have searched the web and the only thing I could find was “Eiciel”, but on Manjaro, that software only existed in AUR, which makes me think that the developers of Manjaro did not think it was a recommended package. If so, is there a better alternative GUI? Or are Linux people all just using the command line?

You are still thinking of your computer as a Windows system, and not as a UNIX system. You’re going to run into many (more) difficulties if you cannot let go of this way of thinking.

GNU/Linux supports ACLs (“access control lists”) but does not require them, given that it already has the very efficient and robust UNIX/POSIX-native permissions and file ownership system for regulating access and permissions.

If you want to use and manipulate ACLs — for which there is rarely any need in GNU/Linux — there are the various related command-line utilities, such as getfacl and setfacl, plus a bunch of others for dealing with Microsoft filesystems and Microsoft network shares.

See… :arrow_down:

apropos acl

With just the chown/chmod thing, is it possible to easily change SMB access of some directories and files? If there are different SMB user groups, and the shared directory and its descendants are all owned by a different group/owner than those SMB user groups, and you want to change specific locations’ permissions for specific SMB user groups on the fly (without restarting Samba), you use chown/chmod?

No, SMB does not understand POSIX permissions. For SMB you would use the pertinent utilities., e.g. setcifsacl, in combination with the Samba configuration file. See the apropos command I posted higher up.

I guess this not exactly true. For example permissions on the filesystem must set exactly how it is set at smb.conf.

Lets say I have this samba share:

path = /srv/smb/share
read only = No
writeable = Yes
read list = manjaro 
write list = manjaro

But I disable the write permissions:

chown -R manjaro:manjaro /srv/smb/share
chmod -R ugo-rwx /srv/smb/share

Then even Samba get permissions through its config, it cannot do anything there. So it understands POSIX Permissions.


However… would prefer only using the samba config:

path = /srv/smb/share
read only = No
writeable = Yes
read list = hans judith helmut # can be a user or @group
write list = @smbwrite  # can be a user or @group
invalid users =
valid users = hans judith helmut
force user = smbshare
force group = smbshare
chown -R smbshare:smbshare /srv/smb/share
chmod -R u+rwx,g+rw,o-rwx /srv/smb/share
sudo useradd -M -N hans
sudo useradd -M -N judith
sudo useradd -M -N helmut
sudo groupadd smbwrite
sudo usermod -aG smbwrite hans
sudo usermod -aG smbwrite judith
sudo usermod -aG smbwrite helmut

ACLs are not really needed… You just need to set proper group names and set them at the config file and reload the smb.service :wink:

Yes, but that’s not the Samba protocol; that’s the Samba process, which itself is a UNIX executable. So of course the process needs the correct permissions. But that’s a whole other thing to how the Samba protocol deals with permissions, and that’s how things will be handled on the Windows client side. :wink:

Now you’re being really picky. You talked about Samba, not about the Samba protocol itself. :face_with_peeking_eye:

Yeah I know there is a translation layer for permissions, but I also never used ACLs on Windows in depth, because they are just unnecessary complicated and dumb. But some Admins have to deal with that. Whenever possible, I use NFS in local networks.

1 Like

Being precise is not picky, its a good practice to do - so there is no ambiguity. If you cant handle it, its your problem.