User permissions tend to center around UGO and +rwx. If you understand that, you’re in good shape…if you only need the basics. But the standard UGO permission system limits how you can manage permissions for multiple users or multiple groups. If you want a more flexible permission mechanism for Linux, you turn to Access Control Lists (ACLs).
For example, what if Haley owns a file and wants to allow Ash to read it, Mixi to read it, and Anneke to read and write to it? Add to that mixture that they are all in different groups. What do you do then?
You turn to ACLs.
However, if you want to gain the added functionality of ACLs in a standard Linux desktop environment, where do you start? Probably the single easiest route to success is with the handy GUI app, Eiciel. With this tool you can easily control the extended permissions offered by ACLs without having to dive into the command line, where the equivalent would look something like:
setfacl -m "u:username:permissions" file
Naturally, for many a Linux system administrator, the command line will be the go-to tool. But for everyone else, a good GUI goes a long way. For ACLs, the best GUI in town is Eiciel. Let’s install it and use it.
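The Haley scenario above, worked at the command line as an added example (not part of the original article): the comments show the setfacl calls, and the functions compute each participant's effective permissions from getfacl output, since the ACL mask can silently cap what a named user was granted. The file name report.txt, the group staff, and the function names sample_acl, effective_acl and writers are assumptions made for the illustration.

```shell
# Constructed sample: getfacl output for Haley's file after running
#   setfacl -m u:ash:r--,u:mixi:r--,u:anneke:rw- report.txt
#   chmod g-w report.txt    # on a file with an ACL this rewrites the mask
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: haley
# group: staff
user::rw-
user:ash:r--
user:mixi:r--
user:anneke:rw-
group::r--
mask::r--
other::---
EOF
}

# Read getfacl text on stdin; print "tag:name:effective" for each entry.
# The mask caps named users, the owning group and named groups;
# it never applies to the file owner (user::) or to other::.
effective_acl() {
  awk -F: '
    /^#/ || NF < 3 { next }               # skip header comments and blanks
    { sub(/[ \t]*#.*/, "", $3)            # drop a trailing "#effective:" note
      tag[++n] = $1; name[n] = $2; perm[n] = $3
      if ($1 == "mask") mask = $3 }
    END {
      for (i = 1; i <= n; i++) {
        if (tag[i] == "mask") continue
        p = perm[i]
        capped = (tag[i] == "group" || (tag[i] == "user" && name[i] != ""))
        if (capped && mask != "") {
          e = ""
          for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            e = e ((c != "-" && substr(mask, k, 1) != "-") ? c : "-")
          }
          p = e
        }
        print tag[i] ":" name[i] ":" p
      }
    }'
}

# Users who can really write once the mask is applied.
writers() {
  effective_acl | awk -F: '$1 == "user" && $3 ~ /w/ { print ($2 == "" ? "(owner)" : $2) }'
}

sample_acl | effective_acl
```

On a real system, pipe the output of getfacl for your own file into effective_acl or writers instead of the constructed sample.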
How to Install Eiciel
Fortunately, Eiciel can be found in most standard repositories, so installation is only a matter of firing up your distribution’s package manager, searching for Eiciel, and clicking Install (who said installing apps on Linux was challenging?). I’ll be demonstrating the installation on Ubuntu 15.10 and, unfortunately, have discovered a rather odd bug in the available release of Eiciel (0.9.9). When selecting permissions, the checkboxes always appear empty. This is a GTK issue and is resolved in the latest release (0.9.11), which currently cannot be installed on the latest iteration of Ubuntu. I’ve tested the available release for Elementary OS Freya (Eiciel 0.9.8) and this bug doesn’t exist. Either way, Eiciel still works…only on Ubuntu 15.10 you have to guess what is checked and what is not. Hopefully this bug will be resolved asap.
Should you opt to install from source (and you’ve met the Eiciel dependencies), here are the steps for a successful installation:
- Download the source into your Downloads folder
- Open a terminal window
- Change into the Downloads folder
- Unpack the archive with the command tar xvfj eiciel-XXX.tar.bz2 (where XXX is the release number)
- Change into the newly created folder with the command cd eiciel-XXX (where XXX is the release number)
- Issue the command ./configure
- Issue the command make
- Issue the command sudo make install
- Restart Nautilus with the command nautilus -q
NOTE: If you’re working with a distribution that doesn’t make use of sudo, you’ll need to su to the root user and then issue the final command make install without sudo.
That’s it; Eiciel is ready to run.
You might be thinking, “Doesn’t the kernel need ACL support rolled in?” As of kernel 2.6.39, ACL is turned on by default. If you want to ensure that ACL is turned on and a drive is mounted with support for the feature, issue the following command in a terminal window:
sudo tune2fs -l /dev/sdXY | grep "Default mount options:"
Where XY is the specific location of your drive (for example /dev/sda1).
That command should report something like:
user_xattr acl
If you see acl, you’re good to go.
Should you want to go through the process of correcting the dependency issue and get a perfectly working instance of Eiciel running on Ubuntu 15.10, here are the steps:
- Open a terminal and uninstall the current Eiciel (if still installed) with the command
  sudo apt-get remove eiciel
  (NOTE: This will install quite a lot of packages)
- Build the dependencies for Eiciel with the following command
  sudo apt-get build-dep eiciel
- Download the latest version of Eiciel, untar the package, and install from source as instructed earlier
How to Use Eiciel
Using Eiciel is surprisingly simple. If you installed the app from within your package manager, you will find the launcher in your desktop menu. If you installed via source, you can fire up the GUI tool from the command line, with the command eiciel. Either way, the Eiciel main window will open (Figure A), and you’re ready to rock.
You should notice that Eiciel reports that you have no file open. That is because this app works on a per-file basis. So in order to use it, you must open a file. To do that, click the Open button and locate the file you want to work with.
Once you have that file open, you should now see users and groups listed, so that you can manage the ACLs for those users/groups on that file (Figure B).
Take a look at the same app (only an earlier release), running on Elementary OS Freya (Figure C).
In the upper pane of the GUI you will see a list of the current ACL participants. To add a new participant, click on that user in the lower pane and then click Add participants to ACL. That user will now appear in the upper pane. Once you’ve added the user as an ACL participant, you can select which permissions they should have for the file by clicking to add read, write, and/or execute. As you add them, the permissions take effect in real time.
You can also add groups as participants to the file ACL, by selecting Group from the Participant List and then adding the groups you want in the same manner you added the user(s).
You will also find that the Eiciel functionality is built into the GNOME file manager. What this means is simple… open up the file manager, right-click on a file, select Properties, and you’ll see a tab for Access Control List. Click on that tab and you’ll have access to ACL permissions, thanks to Eiciel (Figure D).
There’s no doubt Eiciel easily overcomes the shortcomings of the standard Linux permissions system. If you have a need to work with Access Control Lists on your Linux system, and you’d prefer a GUI tool for the task, Eiciel is what you want. Just understand, if you’re working with a recent release of Ubuntu, you might be faced (for the time being) with having to guess if a permission is checked or not.