File Permissions on MyFiles
If you’re a Linux user, the file permissions on MyFiles may be seem really strange. It may seem that anyone can read your files, or you may find it different to change these permissions. In reality, the underlying file permissions on files are usually just fine. But the permissions you view with a long file listing using the ‘ls -l’ command do not give you the complete picture of what’s really going on. This article should help Linux user understand more about MyFiles file permissions.
MyFiles Permissions are based on Windows, not UNIX
On the server files.engineering.iastate.edu, all files permissions were given UNIX style permissions. A file could have “read”, “write”, and “execute” permission bits that were assigned to the owner, group, and “other” users. The problem with this model is that it is very limited. You cannot use this permission scheme to give special permissions to a list of users or groups, and there is no way to set inheritance so that all files in a folder get the same permissions automatically. This permission scheme also meant that Windows users had file permissions set in a way that wasn’t “natural” for Windows.
With MyFiles, all permissions are set according to Windows style permissions. This is a much more powerful and flexible permission model than the standard UNIX style permissions. Using Windows style permissions, a file or directory can have different permissions for different users. Instead of just one “group” permission as in UNIX, a file can have several different groups with different permissions for each group. Windows style permissions also support inheritance, which means that you can force all files created in a folder to inherit the permissions set on the folder.
The most important thing for Linux users to understand is that permissions are set according to the Windows model and that the ‘ls -l’ command is not suitable for viewing these permissions from Linux. But whether you use Windows or Linux, the underlying security permissions on a file are exactly the same.
ls -l is incomplete
If you use the ‘ls -l’ command to view permissions on a file, you will only see is the UNIX style permissions. But this doesn’t work correctly when the underlying permissions are based on Windows permissions. You’re seeing an incomplete interpretation of the permissions. To see the full permissions on files, you should either use the Windows file explorer to see security properties, or use the ‘nfs4_getfacl’ command from Linux.
How to view permissions on MyFiles
Perhaps the easiest way to see the actual file permissions on files is to use the Windows file explorer. Use the Windows file explorer to highlight a file you’re interested in and select the Properties tab and then the Security tab. This will show the complete list of users and groups and the permissions assigned to them.
On Linux, there is a tool called ‘nfs4_getfacl’ that can also be used to view the permissions, though it takes a bit more interpretation to understand.