Summary

Lets turn access control lists (ACL) on by default for Ubuntu. Part of the original outline for Edgy is to try new things. Not just optionally installable, as it is now (in dapper, others?) but make it the default way edgy deals with permissions.

Quote:

And that's exactly what we hope the development team will do with Ubuntu 
during the Edgy cycle - explore slightly unfamiliar and uncharted territory 
that is perhaps a little out of the mainstream. 

Nautilus acl and xattr control panel:

http://rofi.pinchito.com/eiciel/

Rationale

  1. Much better permission control then any other system.
  2. Easy to implement, we just need to enforce it for the whole OS. (the entire main-universe-multiverse-restricted software set)
  3. Can be very easy to use, yet extremely powerful.

Use cases

Any user that needs better permissions control then the simplistic "user,group,others" unix file permissions.

Bob wants to block his mother from seeing certain files on his machine, but wants to share them with his siblings.

A need to block or allow a very specific set of users or groups access to files or folders.

Password Protection of Folders Possible: This could be used to provide password protection of folders. By making a folder (and all its contents) owned by a new "username-protected" user, and a simple nautilus extension you could protect a easily password protect a folder.

Scope

Design

  1. Patch/fork eiciel/nautilus to use ACL as the default permissions.
    1. Change tab name to Permissions
    2. Develop prompt to apply permissions recursively, if desired.
  2. Turn on ACL support for all drives. (/, hoacl, boot/, everything)
  3. Possibly make another tool to do advanced acl management.

Implementation

  1. Needs recursive application of permissions. This is a seperate bug in nautilus that needs to be fixed.

Code

Data preservation and migration

BoFstanding issues

BoF agenda and discussion






CategorySpec

ACL-OnByDefault (last edited 2009-02-03 14:56:39 by ivoks)