Mastering file permissions is a big part of becoming Linux capable. And it essential to the “everything is a file” ethos. Wanna lock down an important file or program? chmod is a powerful ally.
Microslop has tried to adopt a half-ass elevated permissions scheme, but with lame-ass UAC and users who’ve no idea why Explorer doesn’t have administrator rights on their administrator account.
Windows’ way is more convenient for me, than chmod:
windows allows you to regulate file access more granularly, more flexible - per any particular user , particular group.
Chmod can’t do that.
chmod can do 95% of everything I’ve ever needed, just with the “user” and “other” category. Private files, public-readable files, public read-write files, programs I compile but anyone can run… all that is just in the “user” and “other” category of chmod.
It gets 99% if you add the sticky bit (used on /tmp) and the “group” category. Serial ports are owned by root:dialout, and mode 660. To get serial port access, just add the user to the dialout group. For group assignments in college, each partner pairing had their own group they could use. Group work files were mode 660 so groups could edit each others’ work, but other groups couldn’t peek.
For the last 1%, use setfacl. It does everything that explorer.exe’s security tab can do.
Via chmod you can’t configure access to some arbitrary group or user. You have only the owner user, owner group and everything else is crowded into one lump “other”.
setfacl can do.
It’s just that some *NIX users want the stupid POSIX model and authenticating with user-ids (+ private keys) instead of proper usernames and password (and private keys).
Go figure /shrug
Mastering file permissions is a big part of becoming Linux capable. And it essential to the “everything is a file” ethos. Wanna lock down an important file or program? chmod is a powerful ally.
Microslop has tried to adopt a half-ass elevated permissions scheme, but with lame-ass UAC and users who’ve no idea why Explorer doesn’t have administrator rights on their administrator account.
Windows’ way is more convenient for me, than chmod:
windows allows you to regulate file access more granularly, more flexible - per any particular user , particular group.
Chmod can’t do that.
chmod can do 95% of everything I’ve ever needed, just with the “user” and “other” category. Private files, public-readable files, public read-write files, programs I compile but anyone can run… all that is just in the “user” and “other” category of chmod.
It gets 99% if you add the sticky bit (used on /tmp) and the “group” category. Serial ports are owned by root:dialout, and mode 660. To get serial port access, just add the user to the dialout group. For group assignments in college, each partner pairing had their own group they could use. Group work files were mode 660 so groups could edit each others’ work, but other groups couldn’t peek.
For the last 1%, use setfacl. It does everything that explorer.exe’s security tab can do.
Either I don’t understand your comment, or you don’t understand chmod. What you describe ins’t beyond chmod; it’s the basic functionality of chmod.
OP meant ACLs.
Which arent exactly straight forward in CLI in either Windows nor Linux.
But it is pretty straightforward in the Windows GUI.
More or less.
Until you get into nested and inherited permissions ;) Then it get’s really fun.
Via chmod you can’t configure access to some arbitrary group or user. You have only the owner user, owner group and everything else is crowded into one lump “other”.
setfacl can do.
It’s just that some *NIX users want the stupid POSIX model and authenticating with user-ids (+ private keys) instead of proper usernames and password (and private keys).
Go figure /shrug