If you are working on a group project, and would like to share code, one option is to use ACLs. ACL stands for Access Control List. ACLs can be used to make the normal file permissions more specific.
To set up ACLs, try our easyfacl script. This script will prompt you for a space-separated list of users and a pathname (relative or full).
The script will then show you the commands it will enter. You can confirm, or opt to enter these commands yourself. They should look something like this:
setfacl -R -d -m user:uname1:rwx,user:uname2:rwx dir
setfacl -R -m user:uname1:rwx,user:uname2:rwx dir
You should be one of the users listed so that you have ACL privileges if one of the other users creates files and folders in the directory.
setfacl is the command used to change the ACL information about a file or directory.
-R makes the command recursive: it gives all the existing files and directories in the directory the same ACLs.
-d makes these ACLs the default: all new files and directories created within this one will have the same ACLs.
-m means modify. This sets up the users (in our case, uname1 and uname2) with rwx permissions on the directory.
After running easyfacl or setting ACLs manually with setfacl, use getfacl dirname to see the ACLs on a given file or directory.
Here’s an example of the whole process, run as user jk:
BASIL[jk]$ mkdir project
BASIL[jk]$ easyfacl
Enter a space separated list of users: jk dhp mary
Enter a pathname (relative or full): project
These commands will be entered
setfacl -R -d -m user:jk:rwx,user:dhp:rwx,user:mary:rwx project
setfacl -R -m user:jk:rwx,user:dhp:rwx,user:mary:rwx project
Should I do this? (Y/n)y
acls are set up
press Return>
BASIL[jk]$ getfacl project/
# file: project
# owner: jk
# group: users
user::rwx
user:jk:rwx
user:mary:rwx
user:dhp:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:jk:rwx
default:user:mary:rwx
default:user:dhp:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
ACLs are complicated, so here are a few things to keep in mind.
copying vs. new files: When you make a new file or directory, the default ACL takes care of the ACLs for the new file or dir. If you’re copying from some other directory, the default ACLs don’t carry over. So you need:
setfacl -m user:u1:rwx,user:u2:rwx copied_file
Where the users listed are the people in your default ACL info for the rest of your directory.
executable scripts: I am planning to write a script. I make a new file in the ACL directory, and begin writing, but then notice that I do not have execute permissions on the file, and thus cannot use my executable script. I need:
chmod +x scriptname
The +x is important, because you want to add execute permissions. You don’t want to say chmod 700 because that will change existing ACLs on the file.
reaching the ACLdir: So you set up the ACLs, and your partner tries to cd to the directory where you will be doing your project. But the two of you see something like cd: Permission denied. And you thought ACLs were supposed to fix all of that! Your partner needs to be able to cd to the ACL directory. This means that every directory leading to the ACL directory must have, as permissions, at least 711 (or 755).
removing ACLs: Your work is done, but you have decided, during the course of your project, that you hate your partner and no longer want the ACL permissions active. Thankfully, it is simple to remove them. cd to above the original directory where you set the ACLs, and:
setfacl -R -b acldir
The -R means recursive, the -b means delete all ACLs.
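To check the "reaching the ACLdir" point before your partner hits Permission denied, the following added example (not part of easyfacl or the original page) lists every directory leading to the ACL directory that lacks the execute bit for other users. The function name blocked_ancestors and its optional second argument are hypothetical, and it assumes GNU stat (stat -c %a).

```shell
#!/bin/sh
# Added example, not part of easyfacl.
# blocked_ancestors TARGET [TOP]
#   Walks from TARGET's parent up to TOP (default /) and prints
#   "MODE PATH" for each directory whose "other" class has no execute
#   bit, i.e. anything below the 711 the page asks for.
#   Only the mode bits are inspected; ACL entries on the ancestors are
#   not considered. Assumes GNU stat.
blocked_ancestors() {
    target=$1
    top=${2:-/}
    # Resolve both to absolute physical paths so the upward walk terminates.
    dir=$(cd "$target" && pwd -P) || return 2
    top=$(cd "$top" && pwd -P) || return 2
    while [ "$dir" != "$top" ] && [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        mode=$(stat -c %a "$dir") || return 2
        # The last octal digit is the "other" class; an odd digit has x set.
        other=${mode#"${mode%?}"}
        case $other in
            1|3|5|7) ;;                          # traversable by others
            *) printf '%s %s\n' "$mode" "$dir" ;; # blocks cd for others
        esac
    done
}

# Stand-alone use: sh thisfile.sh /path/to/project
if [ $# -gt 0 ]; then
    blocked_ancestors "$@"
fi
```

No output means every directory on the path is at least traversable by others; each printed directory needs chmod o+x (or 711/755) from its owner.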