GNOME Bugzilla – Bug 357750
Permissions dialog revamp
Last modified: 2010-07-06 10:34:29 UTC
I have mocked-up a Permissions tab revamp that makes the dialog more usable. This renames Permissions to Security and takes a more intuitive design; it also gives light control over ACLs. The mock-up is kind of ugly, I forgot to put in an Add button in to add new groups/users into the ACL entry list, and I skirted explaining how advanced permissions (SUID, SGID, Sticky) are going to be shown and explained. You can probably kill the button and just have a scroll box. Feasibly, you could change the permissions to be something like "Read," "Read and Write," etc; and have an "Advanced" dialog that lists all the different permissions and how they're set. I don't see the point though. Other information:
Created attachment 73414 [details] Mock-up of Security tab for files This is a cheap mock-up of the proposed Security tab for files.
Created attachment 73415 [details] Security tab for directories Mock-up of Security tab for directories. The "Encrypt this folder's contents" checkbox is for https://wiki.ubuntu.com/EncFSIntegration and can be left out until this is done. I plan also to compress the contents of folders (compression before encryption; it reduces redundancy and makes cryptanalysis harder) using LZOLayerFS, if I can convince its author to release under GPL (it currently has a "Copyrights reserved no warranty blah blah" license).
I want to reference two bugs for this bug. First, bug #40879, which describes basically the current Permissions tab (and should be closed probably...). This bug is another "Redo the permissions tab." Second, bug #62817, which requests control of POSIX ACLs. The dialog I've mocked-up here gives control over POSIX ACLs, although it can just as easily do simple UNIX permissions. This does not give complete POSIX ACL control, however; I made no provisions for masking or other complex POSIX ACL features, and really didn't research it.
Here are proposed permissions. They are split into "Advanced Permissions" and "Basic Permissions," although I wouldn't mind skipping the Basic Permissions and just listing the Advanced Permissions in the dialog. FOR FILES Advanced permissions: Read file contents (read) Change file contents (write) Execute file as program (execute) Advanced Special Permissions: Execute as owner of file (SUID) Execute in group of file (SGID) Basic permissions: Read (read) Read and Alter (write, enables Read) Read and Execute (Execute, enables Read) FOR DIRECTORIES Advanced permissions: List contained files and folders (read) Create files and folders (write) Access contained files and folders (execute) Advanced Special Permissions: Users may only delete files and folders they own (Sticky) Inherit ownership of folder to files and folders created inside the folder (SUID) Inherit group of folder to files and folders created inside the folder (SGID) I guess you could call "Advanced Permissions" "Special Permissions" (WinXP) or "Access Control Attributes" or "Security Attributes" and call "Advanced Special Permissions" "Global Security Attributes" or something.
Created attachment 73462 [details] Second Mock-Up of Security tab for files I decided to go ahead and try to do the mock-up proper, and put more thought on it. I've now shown the placement of the Add button, as well as properly set the fonts. There is an O on the Owner icon and a G on the Group; other icons are normal. I reduced the geometry of the Permissions box and mocked up proper permissions. The permissions in the box are as follows: Full Access: Checks all boxes; unchecked if any box is unchecked. Read and Modify: Checks Read and Write Read and Execute: Checks Read and Execute Read: Represents the r-- permission Write: Represents the -w- permission Execute: Represents the --x permission. The Advanced File Permissions button should in some way (new dialog? How's the HIG do this...) give access to the following settings: File is Executed as Owner: Sets the SUID bit File is Executed as Group: Sets the SGID bit These could alternately be placed below Permissions, as Global Security Settings. This lay-out leaves a large amount of screen real-estate. In the future I hope individual file compression with EncFS becomes possible (I have ideas on how this may work, which I should discuss with the author some time); a checkbox can fit into here to control that.
Created attachment 73465 [details] Second Mock-Up of Security tab for directories This is the second mock-up for the Security tab for directories. Similar to the File tab, but with different permissions. Full Access: Checks all permissions, giving POSIX rwx List and Access Files: Implies POSIX r-x; checks List Files and Access Files List Files: Implies POSIX r-- Create and Delete Files: Implies POSIX -w- Access Files: Implies POSIX --x The Advanced Folder Permissions would give the options: Only allow users to delete files they own: Sets sticky New files inherit Group: Sets SGID, newly created files get the folder's group
Oops, accidentally killed the "apply settings to enclosed files" button in the directory mock-up. I didn't make visible provisions for POSIX ACL masks or for changing the default group (chgrp); masks can be done with Add if you so desire, default group can be done via a context menu.
Also see http://rofi.pinchito.com/eiciel/.
*** Bug 517005 has been marked as a duplicate of this bug. ***
Thanks for the mockups John. A bug report isn't a good place for design ideas like this. If you're still interested, could you post your proposal on the wiki [1]? [1] http://live.gnome.org/Nautilus/Ideas/