Re: POSIX ACL Support in Nautilus

[Olaf Frączyk <olaf cbk poznan pl>]

On Tue, 2004-10-12 at 18:35, Dave Ahlswede wrote:
> On Tue, 2004-10-12 at 19:13 +0300, Ionut Cotoi wrote:
> > You guys got me puzzled, what about the standard UNIX permissions ?
> > We can't have both things presented to the user on the same tab, I
> > think maybe a button on the permissions tab, something like
> > [Advanced...] would be more appropriate, and clicking that button will
> > pop-up the POSIX perm window, which should resemble the one in
> > Win2k/XP, or maybe OS X.
> > 
> 
> Why can't we have them both in the same dialog? Isn't the POSIX ACL spec
> just a superset of UNIX permissions? (i.e. X person or group can or
> cannot read/write/execute) I would think that Owner, Group and Others
> could be presented in the dialog as special, non-removable users. The
> Sticky and setuid/setgid would have to go in their own category, but it
> could still be within the same dialog.
Exactly.

>From man page:

> 	ACL_USER_OBJ    The ACL_USER_OBJ entry denotes access rights for
>                            the file owner.
>  
>            ACL_USER        ACL_USER entries denote access rights for users
>                            identified by the entry’s qualifier.
>  
>            ACL_GROUP_OBJ   The ACL_GROUP_OBJ entry denotes access rights for
>                            the file group.
>  
>            ACL_GROUP       ACL_USER entries denote access rights for groups
>                            identified by the entry’s qualifier.
>  
>            ACL_MASK        The ACL_MASK entry denotes the maximum access
>                            rights that can be granted by entries of type
>                            ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.
>                                                                                 
>            ACL_OTHER       The ACL_OTHER entry denotes access rights for pro-
>                            cesses that do not match any other entry in the
>                            ACL.



Anyway, I wouldn't use the OS X or Win2k/XP dialogs. They have the big
disadvantage: to change many user's permissions you need to click first
user, next set permissions, next select another user, next go to
permissions .... and so on. If the permissions were in the same tree
view, with checkboxes, it would be a lot more practical. I suppose in
WinNT/2k/XP they did it in another way just because they have many more
rights to set.

By the way, it would be nice to have Extended Attributes view, on next
tab.

Maybe a simple three column list:

ATTR_NAMESPACE, ATTR_NAME, ATTR_VALUE. ATTR_NAME, ATTR_VALUE as editable
strings?

Or a simple one level tree:

ATTR_NAMESPACE_1
	ATTR_NAME, ATTR_VALUE
	ATTR_NAME, ATTR_VALUE
ATTR_NAMESPACE_2
	ATTR_NAME, ATTR_VALUE
	ATTR_NAME, ATTR_VALUE

The ATTR_NAMESPACE just says if it is root or user defined attribute. I
don't know if there can be more namespaces than 2, but we should
prepared for this.

The only trouble can be, that it is perfectly possible to have binary
data inside the ATTR_VALUE. So a dialog to modify value like in Windows'
regedit could be necessary.

Regards,

Olaf