ACL (permissions)

BW-userx · 02-08-2023, 07:07 AM

I got one laptop, two or more user logins, just me. so 1 user, with multiple user names on one laptop. Forbade the why, and just work with me here.

NTFS

Code:

$ getfacl /media/ntfs
getfacl: Removing leading '/' from absolute path names
# file: media/ntfs
# owner: userx
# group: users
user::rwx
group::rwx
other::r-x

EXT4

Code:

userx@Ubutt-Butt:~$ getfacl /media/storage
getfacl: Removing leading '/' from absolute path names
# file: media/storage
# owner: userx
# group: users
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:users:rwx
default:mask::rwx
default:other::r-x

EXT4

Code:

userx@Ubutt-Butt:~$ getfacl /media/data
getfacl: Removing leading '/' from absolute path names
# file: media/data
# owner: userx
# group: users
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:users:rwx
default:mask::rwx
default:other::r-x

on this NTFS partition with that new ntfs programmed into the kernel as that is what I read about it, and putting it back to ntfs3g gave me strange results, aka booting errors.
OS's
Slackware,
Ubuntu Studio 22.10 - for fully accessible tablet
windows

on my ntfs drive:

I mostly notice it because that is what I am using for this project with blender. if one user creates a file and i go in to edit it with another user it does not allow me to save it.
User IDs

Code:

uid=1001(blender) gid=100(users) groups=100(users),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(lxd),999(sambashare)

User IDs

Code:

uid=1000(userx) gid=1000(userx) groups=1000(userx),4(adm),24(cdrom),27(sudo),29(audio),30(dip),46(plugdev),100(users),122(lpadmin),999(sambashare)

both distros the user and main group is the same IDs for compatibility. Using the 'users' group to "try" and control both read a write executable through the "users" group, but it is not working (all of the time, or lately)

Code:

blender@Ubutt-Butt:/home/userx
$ ls -la /media/ntfs
total 833792
drwxrwxr-x 1 userx   users     28672 Feb  7 17:10  .
drwxr-xr-x 9 root    root       4096 Feb  4 10:40  ..
drwxrwxrwx 1 userx   users         0 Jan 20 13:16 '$RECYCLE.BIN'
drwxrwxr-x 1 userx   users     32768 Jan 28 16:49  blender-videos
drwxrwxrwx 1 userx   users         0 Feb  7 17:04  BL_proxy

-rw-r--r-- 1 blender users    375194 Feb  7 17:15  face.png

drwxrwxr-x 1 userx   users      4096 Feb  7 20:16  futurama-heads
-rw-rw-r-- 1 userx   users 110690067 Aug 30 11:46 'How to Paint Skin Like Disney Characters in Blender (Full Guide)-xIk3gF53cig.mp4'
-rw-rw-r-- 1 userx   users  28245132 Jan 23 20:28  HuionTablet_v15.0.0.89.202205241352.x86_64.deb
-rw-rw-r-- 1 userx   users   7069104 Jan 28 10:55  human-skin-pratice-file_V1.blend
-rw-rw-r-- 1 userx   users   7876836 Jan 28 15:17  human-skin-pratice-file_V2.blend
-rw-rw-r-- 1 userx   users   7863748 Jan 28 14:33  human-skin-pratice-file_V2.blend1
-rw-rw-r-- 1 userx   users     45025 Jan 25 11:17  istockphoto-1362875586-1024x1024.jpg
-rw-r--r-- 1 userx   users    170179 Feb  6 09:59  _jadevanillahair.jpg

some files are saved with both user and group rw permissions,and some ware not.

does anyone have a method to fix that so that regardless of who created the file if a user is in a designated group (users) they too will have read, write, and or executable permissions on that file as well?

wpeckham · 02-08-2023, 11:46 AM

NTFS ACLs are Windows style and do not translate directly (some of them AT ALL) into *nix ACLs. You cannot properly manage NTFS ACLs form Linux, or Linux ACLs from Windows: it will always fail at some non-trivial point. Often in disturbing and confusing ways. Oh, and at the worst time.

BW-userx · 02-08-2023, 03:20 PM

Quote:

Originally Posted by wpeckham

NTFS ACLs are Windows style and do not translate directly (some of them AT ALL) into *nix ACLs. You cannot properly manage NTFS ACLs form Linux, or Linux ACLs from Windows: it will always fail at some non-trivial point. Often in disturbing and confusing ways. Oh, and at the worst time.

well, it use to be windows had no permissions (ntfs3g)in linux making it nice to not have to worry about this.

sundialsvcs · 02-08-2023, 09:40 PM

Best strategy now is to firmly set the intended permissions on "the side" – probably Windows in this case – "which actually holds the data." Then, nevermind the rules systems which might hold on the "foreign side," since these don't actually matter. Whatever exists is merely a mapping from one [incompatible ...] context to the other.

BW-userx · 02-09-2023, 09:40 AM

Quote:

Originally Posted by sundialsvcs

Best strategy now is to firmly set the intended permissions on "the side" – probably Windows in this case – "which actually holds the data." Then, nevermind the rules systems which might hold on the "foreign side," since these don't actually matter. Whatever exists is merely a mapping from one [incompatible ...] context to the other.

I guess I'll have to go into windows and figure out how to set permissions on there drives now. and see what that does.