GNOME Bugzilla – Bug 62817
Support for POSIX ACLs
Last modified: 2021-06-18 15:16:36 UTC
It would be nice if Nautilus provided some mechanism for viewing and
editing ACLs. SGI's port of <a
href="http://oss.sgi.com/projects/xfs/">XFS</a> to Linux also includes ACL
support. Documentation about ACLs can be found <a
There has been some discussion of making the properties window be
extensible. This would allow us to make appropriate properties panes
for things like this without building them all into Nautilus.
In any case, this is something to consider either way.
Hi Matt, I also filed a gnome-vfs bug (bug 62835) to add ACL support
at that level. Since there are many kinds of ACLs out there, I think
adding the ACL concept at the gnome-vfs layer could help with
implementing ACL management in Nautilus and other apps.
*** Bug 105391 has been marked as a duplicate of this bug. ***
*** Bug 128889 has been marked as a duplicate of this bug. ***
The extensible properties pages are in, if someone wanted to write
this that way it could probably be done.
*** Bug 165791 has been marked as a duplicate of this bug. ***
Any word on the current status of this? Or pointers to the docs on writing extra
Just to comment that already exists something that works and uses gtkmm and
bonobo and has a nautilus property page, maybe useful to get ui ideas or get code...
screenshot --> http://rofi.pinchito.com/eiciel/gfx/shots/principal-0.5.0.png
nautilus-property page --> http://rofi.pinchito.com/eiciel/doc/x49.html
CVS --> http://rofi.pinchito.com/viewcvs/eiciel/
Main site --> http://rofi.pinchito.com/eiciel/
Its name is Eiciel and the website and documentation are in catalan I think, a
translator could be contacted if people get interested on it. I am not related
to Eiciel in any kind.
*** Bug 303722 has been marked as a duplicate of this bug. ***
This bug really needs some attention as it actually is a security problem. Users
connecting to a samba file server may be able to set ACLs on files of the server
using windows GUI. This is a potential security risk, as it means that UNiX
only users may be unaware that other people can read files that looks like they
were private. This would be a security problem.
The security problem will get even worse as the corresponding bug in KDE now
have been marked as fixed in the KDE CVS, meaning that KDE 4.0 almost certainly
will have support for ACLs. This means that not only windows users, but also
fellow Unix/linux users may create, to Gnome user, invisible ways to see files
the Gnome user thinks he has private access to.
I have that module installed in my Ubuntu 5.10 (Breezy Badger) laptop. It's
nice, and I like it, except that the old permissions tab is still there, and
does not stay in sync with the ACL tab changes. They should be merged into one
thing that can detect whether ACL support exists in the file system, so the
display changes according to that maybe. It ought to respond to changes made to
permissions and ACL by outside applications. It should be an integral component
of Nautilus, and not an add-in package.
*** Bug 329675 has been marked as a duplicate of this bug. ***
Created attachment 60839 [details] [review]
Patch implementing ACL support
This patch adds ACL support to Nautilus. It uses the new ACL support of GNOME-VFS (it is in a "acl" branch" in the CVS). It adds: removal and addition of common ACE, default ACE for directories, masks and default masks.
This patch adds "removal and addition of common ACE, default ACE for directories, masks and default masks", but does it adds access to files with ACLs.
I mean, if I have a right access (defined by ACL) to a file, shall I have access to the "Delete" action (which is not accessible actually) with this patch. Or does this patch only add an ACL Managment page in the file properties ?
Created attachment 60918 [details] [review]
Patch implementing ACL support
This new version of the patch takes care of the file ownership. If the file isn't own by the user, the ACL is shown, but it can't be changed (the buttons and the list in insensitive).
Created attachment 63787 [details] [review]
ACL tab implementation
This is an updated version of the patch.. it fixes a couple of issues found in the previous version.
Is anyone looking into integrating this in 2.16?
I get the following errors when compiling nautilus 2.14.3 with the latest patch applied:
In file included from ../libnautilus-private/nautilus-icon-factory.h:33,
../libnautilus-private/nautilus-file.h:205: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
../libnautilus-private/nautilus-file.h:207: error: expected declaration specifiers or '...' before 'GnomeVFSACL'
I build the Debian package using pbuilder in a clean chroot environment.
Mmmh maybe I haven't read this patch should be used with the acl branch of gnome-vfs...
Anyone interested in building Debian packages for this?
The patch looks to leave the Permissions tab in tact; unifying this and ACL control would look better, I think. I posted mock-ups on bug #357750 of a revamped Permissions tab that has some support for POSIX ACLs but it's probably incomplete support as I haven't researched into it; I more just want to get rid of the horribly ugly dialog introduced in 2.16, which I still have to think about for a minute to figure out what I'm actually setting.
I think this bug shouldn't be set to the pre-0.1 version...
Patch was obsoleted by the GIO transition. Setting patch status.
Confirmed in nautilus 3.4. Still doesn't support viewing/editing ACLs.
Note that there is a graphical utility for this called eiciel: http://packages.debian.org/wheezy/eiciel. Maybe it could provide an useful base
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).
If you can still reproduce the situation described in this ticket in a recent
and supported software version of Files (nautilus), then please follow
and create a new ticket at
Thank you for your understanding and your help.