##(see the SpecSpec for an explanation)

 * '''Launchpad Entry''': [[https.launchpad.net/distros/ubuntu/+spec/acl-onbydefault]]
 * '''Created''': PeterVanderKlippe
 * '''Contributors''': PeterVanderKlippe, AnteKaramatic
 * '''Packages affected''': All
  * nautilus
  * eiciel
  * tar
  * cpio
  * zip

== Summary ==

Let's turn access control lists (ACLs) on by default for Ubuntu. Part of the original outline for Edgy is to try new things. ACLs should not just be optionally installable, as they are now (in Dapper, others?), but be the default way Edgy deals with permissions.

''Quote:''
{{{
And that's exactly what we hope the development team will do with Ubuntu during the Edgy cycle - explore slightly unfamiliar and uncharted territory that is perhaps a little out of the mainstream.
}}}

Nautilus ACL and xattr control panel: http://rofi.pinchito.com/eiciel/

== Rationale ==

 1. Much better permission control than any other system.
 2. Easy to implement; we just need to enforce it for the whole OS (the entire main-universe-multiverse-restricted software set).
 3. Can be very easy to use, yet extremely powerful.

== Use cases ==

Any user that needs better permissions control than the simplistic "user, group, others" Unix file permissions.

Bob wants to block his mother from seeing certain files on his machine, but wants to share them with his siblings.

A need to block or allow a very specific set of users or groups access to files or folders.

'''Password Protection of Folders Possible:'''

This could be used to provide password protection of folders. By making a folder (and all its contents) owned by a new "username-protected" user, and adding a simple Nautilus extension, you could easily password-protect a folder.

 * This needs an extension for Nautilus that checks what permissions you need to do something to a folder (i.e. on a root-owned folder, it asks you for the root password to perform an operation).
 * When Nautilus detects a folder/file owned by the "currentusername-protected" user, it will prompt the current user for their password, and then allow access.
 * ACLs would be beneficial here, as you could use them to define exactly which users and groups can access the folder.

== Scope ==

== Design ==

 1. Patch/fork eiciel/nautilus to use ACLs as the default permissions.
  1. Change the tab name to Permissions.
  2. Develop a prompt to apply permissions recursively, if desired.
 2. Turn on ACL support for all drives. (/, hoacl, boot/, everything)
 3. Possibly make another tool to do advanced ACL management.

== Implementation ==

 1. '''Needs''' recursive application of permissions. This is a separate bug in Nautilus that needs to be fixed.

=== Code ===

=== Data preservation and migration ===

== Outstanding issues ==

== BoF agenda and discussion ==

 * I'm not saying that all the files installed by Edgy should have ACL's attached to them, I just want the possibility to be easily accessible for users if they want. (and all installed programs to be able to work with, and respect the ACL's) If the user wants an ACL on a folder or a file, he applies one, and it just works. Otherwise the file remains without an ACL and functions according to the Unix default. -- PeterVanderKlippe
##  * Indented (two spaces) reply here with your @ SIG @
----
 * To make sure this is easy to do, there should be an option in the "permissions" tab that actually removes the ACL from the files selected. The user will not know this, but this gives the ability to strip the extra information from the file if it is necessary. ("Default permissions" button?) This stripping the file of the ACL will revert it to the Unix style permissions and allow the system to function as before. -- PeterVanderKlippe
##  * Indented (two spaces) reply here with your @ SIG @
----
 * Please don't kill this idea just because ACL's can be confusing. They are a better permissions control system and will be useful for users. There just needs to be a little work put into polishing the tools. And a distro that supports ACL will greatly help. -- PeterVanderKlippe
##  * Indented (two spaces) reply here with your @ SIG @
----
 * Added password protection of folders section -- PeterVanderKlippe
----
## * New comment here!
----
CategorySpec
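
Bob's use case from the "Use cases" section, worked as an added example that is not part of the original spec: the POSIX ACL access check applied to a constructed `getfacl`-style listing. The user names, the `family` group and the `photos` folder are assumptions made for the illustration; the point is that a named user entry is evaluated before any group entry, which the plain owner/group/other bits cannot express.

```python
# Added example: POSIX ACL access check over a constructed getfacl-style listing.
SAMPLE_ACL = """\
# file: photos
# owner: bob
# group: bob
user::rwx
user:mother:---
group::---
group:family:r-x
mask::r-x
other::---
"""  # constructed sample, not taken from the spec

def parse_acl(text):
    """Parse getfacl-style text into owner, owning group and ACL entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, name, perms = line.split(":")
            acl["entries"].append((tag, name, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """Return True if `user` (member of `groups`) gets every permission in `want`."""
    want = set(want)
    find = lambda tag, name: [p for t, n, p in acl["entries"] if t == tag and n == name]
    mask = find("mask", "")
    mask = mask[0] if mask else set("rwx")   # no mask entry: nothing is filtered
    if user == acl["owner"]:                 # 1. owner: user:: entry, mask not applied
        return want <= find("user", "")[0]
    named = find("user", user)
    if named:                                # 2. named user entry wins over any group
        return want <= (named[0] & mask)
    matches = []                             # 3. owning group and named group entries
    if acl["group"] in groups:
        matches += find("group", "")
    for g in groups:
        matches += find("group", g)
    if matches:
        return any(want <= (p & mask) for p in matches)
    return want <= find("other", "")[0]      # 4. everyone else
```

Here the mother is denied even though she is a member of `family`, because her named user entry is matched first and the group entries are never consulted.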