After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 357750 - Permissions dialog revamp
Permissions dialog revamp
Status: RESOLVED INCOMPLETE
Product: nautilus
Classification: Core
Component: File Properties Dialog
2.16.x
Other All
: Normal minor
: ---
Assigned To: Nautilus Maintainers
Nautilus Maintainers
: 517005 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2006-09-26 05:31 UTC by John Richard Moser
Modified: 2010-07-06 10:34 UTC
See Also:
GNOME target: ---
GNOME version: 2.15/2.16


Attachments
Mock-up of Security tab for files (46.35 KB, image/png)
2006-09-26 05:32 UTC, John Richard Moser
Details
Security tab for directories (52.74 KB, image/png)
2006-09-26 05:35 UTC, John Richard Moser
Details
Second Mock-Up of Security tab for files (48.82 KB, image/png)
2006-09-26 21:15 UTC, John Richard Moser
Details
Second Mock-Up of Security tab for directories (49.01 KB, image/png)
2006-09-26 21:33 UTC, John Richard Moser
Details

Description John Richard Moser 2006-09-26 05:31:37 UTC
I have mocked-up a Permissions tab revamp that makes the dialog more usable.  This renames Permissions to Security and takes a more intuitive design; it also gives light control over ACLs.

The mock-up is kind of ugly, I forgot to put in an Add button in to add new groups/users into the ACL entry list, and I skirted explaining how advanced permissions (SUID, SGID, Sticky) are going to be shown and explained.  You can probably kill the button and just have a scroll box.

Feasibly, you could change the permissions to be something like "Read," "Read and Write," etc; and have an "Advanced" dialog that lists all the different permissions and how they're set.  I don't see the point though.

Other information:
Comment 1 John Richard Moser 2006-09-26 05:32:24 UTC
Created attachment 73414 [details]
Mock-up of Security tab for files

This is a cheap mock-up of the proposed Security tab for files.
Comment 2 John Richard Moser 2006-09-26 05:35:16 UTC
Created attachment 73415 [details]
Security tab for directories

Mock-up of Security tab for directories.

The "Encrypt this folder's contents" checkbox is for https://wiki.ubuntu.com/EncFSIntegration and can be left out until this is done.  I plan also to compress the contents of folders (compression before encryption; it reduces redundancy and makes cryptanalysis harder) using LZOLayerFS, if I can convince its author to release under GPL (it currently has a "Copyrights reserved no warranty blah blah" license).
Comment 3 John Richard Moser 2006-09-26 05:38:43 UTC
I want to reference two bugs for this bug.

First, bug #40879, which describes basically the current Permissions tab (and should be closed probably...).  This bug is another "Redo the permissions tab."

Second, bug #62817, which requests control of POSIX ACLs.  The dialog I've mocked-up here gives control over POSIX ACLs, although it can just as easily do simple UNIX permissions.  This does not give complete POSIX ACL control, however; I made no provisions for masking or other complex POSIX ACL features, and really didn't research it.
Comment 4 John Richard Moser 2006-09-26 16:34:22 UTC
Here are proposed permissions.  They are split into "Advanced Permissions" and "Basic Permissions," although I wouldn't mind skipping the Basic Permissions and just listing the Advanced Permissions in the dialog.


FOR FILES

Advanced permissions:

Read file contents (read)
Change file contents (write)
Execute file as program (execute)

  Advanced Special Permissions:

  Execute as owner of file (SUID)
  Execute in group of file (SGID)


Basic permissions:

Read (read)
Read and Alter (write, enables Read)
Read and Execute (Execute, enables Read)


FOR DIRECTORIES

Advanced permissions:

List contained files and folders (read)
Create files and folders (write)
Access contained files and folders (execute)

  Advanced Special Permissions:

  Users may only delete files and folders they own (Sticky)
  Inherit ownership of folder to files and folders created inside the folder (SUID)
  Inherit group of folder to files and folders created inside the folder (SGID)



I guess you could call "Advanced Permissions" "Special Permissions" (WinXP) or "Access Control Attributes" or "Security Attributes" and call "Advanced Special Permissions" "Global Security Attributes" or something.
Comment 5 John Richard Moser 2006-09-26 21:15:41 UTC
Created attachment 73462 [details]
Second Mock-Up of Security tab for files

I decided to go ahead and try to do the mock-up proper, and put more thought on it.  I've now shown the placement of the Add button, as well as properly set the fonts.  There is an O on the Owner icon and a G on the Group; other icons are normal.  I reduced the geometry of the Permissions box and mocked up proper permissions.

The permissions in the box are as follows:

Full Access:  Checks all boxes; unchecked if any box is unchecked.
Read and Modify:  Checks Read and Write
Read and Execute:  Checks Read and Execute
Read:  Represents the r-- permission
Write:  Represents the -w- permission
Execute:  Represents the --x permission.

The Advanced File Permissions button should in some way (new dialog?  How's the HIG do this...) give access to the following settings:

File is Executed as Owner:  Sets the SUID bit
File is Executed as Group:  Sets the SGID bit

These could alternately be placed below Permissions, as Global Security Settings.

This lay-out leaves a large amount of screen real-estate.  In the future I hope individual file compression with EncFS becomes possible (I have ideas on how this may work, which I should discuss with the author some time); a checkbox can fit into here to control that.
Comment 6 John Richard Moser 2006-09-26 21:33:47 UTC
Created attachment 73465 [details]
Second Mock-Up of Security tab for directories

This is the second mock-up for the Security tab for directories.  Similar to the File tab, but with different permissions.

Full Access:  Checks all permissions, giving POSIX rwx
List and Access Files:  Implies POSIX r-x; checks List Files and Access Files
List Files:  Implies POSIX r--
Create and Delete Files:  Implies POSIX -w-
Access Files:  Implies POSIX --x

The Advanced Folder Permissions would give the options:

Only allow users to delete files they own:  Sets sticky
New files inherit Group:  Sets SGID, newly created files get the folder's group
Comment 7 John Richard Moser 2006-09-26 21:37:14 UTC
Oops, accidentally killed the "apply settings to enclosed files" button in the directory mock-up.

I didn't make visible provisions for POSIX ACL masks or for changing the default group (chgrp); masks can be done with Add if you so desire, default group can be done via a context menu.
Comment 8 Teppo Turtiainen 2007-01-20 17:39:00 UTC
Also see http://rofi.pinchito.com/eiciel/.
Comment 9 Samuel Abels 2008-02-17 15:20:51 UTC
*** Bug 517005 has been marked as a duplicate of this bug. ***
Comment 10 Allan Day 2010-07-06 10:34:29 UTC
Thanks for the mockups John. A bug report isn't a good place for design ideas like this. If you're still interested, could you post your proposal on the wiki [1]?

[1] http://live.gnome.org/Nautilus/Ideas/