I have been using this thing below on Windows to set file/directory permissions. It has things like inheritance and all. It seems the Linux equivalent thing is “ACL”. But I want to use GUI. I have searched the web and the only thing I could find was “Eiciel”, but on Manjaro, that software only existed in AUR, which makes me think that the developers of Manjaro did not think it was a recommended package. If so, is there a better alternative GUI? Or are Linux people all just using the command line?
You are still thinking of your computer as a Windows system, and not as a UNIX system. You’re going to run into many (more) difficulties if you cannot let go of this way of thinking.
GNU/Linux supports ACLs (“access control lists”) but does not require them, given that it already has the very efficient and robust UNIX/POSIX-native permissions and file ownership system for regulating access and permissions.
If you want to use and manipulate ACLs — for which there is rarely any need in GNU/Linux — there are the various related command-line utilities, such as
setfacl, plus a bunch of others for dealing with Microsoft filesystems and Microsoft network shares.
With just the chown/chmod thing, is it possible to easily change SMB access of some directories and files? If there are different SMB user groups, and the shared directory and its descendants are all owned by a different group/owner than those SMB user groups, and you want to change specific locations’ permissions for specific SMB user groups on the fly (without restarting Samba), you use chown/chmod?
No, SMB does not understand POSIX permissions. For SMB you would use the pertinent utilities., e.g.
setcifsacl, in combination with the Samba configuration file. See the
apropos command I posted higher up.
I guess this not exactly true. For example permissions on the filesystem must set exactly how it is set at
Lets say I have this samba share:
[share] path = /srv/smb/share read only = No writeable = Yes read list = manjaro write list = manjaro
But I disable the write permissions:
chown -R manjaro:manjaro /srv/smb/share chmod -R ugo-rwx /srv/smb/share
Then even Samba get permissions through its config, it cannot do anything there. So it understands POSIX Permissions.
However… would prefer only using the samba config:
[share] path = /srv/smb/share read only = No writeable = Yes read list = hans judith helmut # can be a user or @group write list = @smbwrite # can be a user or @group invalid users = valid users = hans judith helmut force user = smbshare force group = smbshare
chown -R smbshare:smbshare /srv/smb/share chmod -R u+rwx,g+rw,o-rwx /srv/smb/share
sudo useradd -M -N hans sudo useradd -M -N judith sudo useradd -M -N helmut
sudo groupadd smbwrite sudo usermod -aG smbwrite hans sudo usermod -aG smbwrite judith sudo usermod -aG smbwrite helmut
ACLs are not really needed… You just need to set proper group names and set them at the config file and reload the
Yes, but that’s not the Samba protocol; that’s the Samba process, which itself is a UNIX executable. So of course the process needs the correct permissions. But that’s a whole other thing to how the Samba protocol deals with permissions, and that’s how things will be handled on the Windows client side.
Now you’re being really picky. You talked about Samba, not about the Samba protocol itself.
Yeah I know there is a translation layer for permissions, but I also never used ACLs on Windows in depth, because they are just unnecessary complicated and dumb. But some Admins have to deal with that. Whenever possible, I use NFS in local networks.
Being precise is not picky, its a good practice to do - so there is no ambiguity. If you cant handle it, its your problem.