set file ownerships and permissions
libpermissioner | fix long shutdown delay after Ctrl-C | 2020-09-19 13:55:21 |
---|---|---|
permissionerc | fix long shutdown delay after Ctrl-C | 2020-09-19 13:55:21 |
permissionerd | fix long shutdown delay after Ctrl-C | 2020-09-19 13:55:21 |
tests | fix long shutdown delay after Ctrl-C | 2020-09-19 13:55:21 |
.gitignore | begin of permissioner config parsing | 2020-08-16 16:14:27 |
CMakeLists.txt | finish binaries, add readme | 2020-09-17 19:19:25 |
LICENSE | add copyright & license | 2020-09-17 19:23:53 |
README.md | add nice and I/O idle config | 2020-09-19 12:44:39 |
exports | begin of permissioner config parsing | 2020-08-16 16:14:27 |
The unix tools chown
and chmod
allow to set ownership and permissions of
files and entire directory trees. However, multiple calls to those tools
are needed when setting complex ownerships and permissions of nested directory
trees. In case the change of ownerships and permissions shall be very fast for
file, e.g., because the directory tree is accessed in parallel to the change,
using multiple calls is not suitable.
For example, let's assume, multiple users write files to a shared directory
shared/
in order to implement a primitive ad-hoc file sharing. The users
all have the group fileshare
. All files copied to the shared directory
shall be readable, writable and deletable by all other users in the group.
However, there is one directory, called shared/perm
, in which files should
stay permanently and be only readable for all users. This could be implemented
by executing the following commands periodically in a cron
-job:
chown -R nobody:fileshare shared
chmod -R ug+rwX shared
chmod -R g-w shared/perm
However, while the sequence of the three commands is executing, strange and unwanted ownerships and permissions may occur. If the directory tree is large, it can lead to problems accessing the files in parallel.
Permissioner can help to reduce the problems by touching each file only once, and setting its ownership and permissions very quickly, before advancing to the next file.
Using the configuration file fileshare.cfg
with the content
tree nobody fileshare ug+rwX shared
tree nobody fileshare u+rwX,g+wX,g-w shared/perm
in the call
bin/permissionerc fileshare.cfg
has the same effect, but achieves the same outcome while touching every file just once - thus avoiding the transient strange state of files.
This is only a simple example to illustrate the functionality of permissioner. There are various other tools to properly implement a file sharing service. The sketched setup is only an ad-hoc hack and not a proper solution.
Situations in which chown
and chmod
are not sufficient are no very common.
Thus, permissioner is a very specific tool for a very specific use case. If
you are not sure if you should use permissioner, after reading the above
example, you should probably stick with the Unix tools chown
and chmod
.
Permissioner is developed on Debian Linux 10 "buster".
Install the dependencies:
apt-get install -y build-essential cmake gcc g++ ninja-build \
Change to the directory of this REAMDE.md
file.
Configure a build directory:
mkdir build
cd build
cmake -G Ninja -D CMAKE_BUILD_TYPE=Release ..
Build:
ninja
Run tests:
ctest
The configuration file lists directory trees and the ownerships and permissions to set for them. If some of the specified trees are nested within each other, the nested tree(s) is/are excluded from the containing tree(s).
The syntax of the config file is line-based. Each line defines a setting or a directory tree and the ownerships and permissions for it.
Syntax:
permissionerd
, ignored by permissonerc
)
`nice [] [idle]
<niceness value>
: Linux niceness value for daemon process,
19
for nicest (lowest CPU priority)idle
: set I/O priority class to idletree <user> <group> <permissions> <directory>
<user>
: User name to set as user/owner, -
to not change the user/owner.<group>
: Group name to set as group, -
to not change the group.<permissions>
: Comma-separated list of permission settings.
<perm setting>[,<perm setting>[,<...>]]
<perm setting>
: Setting (=
), adding (+
) or removing (-
) permissions.
<who>[=+-]<what>
<who>
: For whom to change the permissions. Any combination of:
u
: User.g
: Group.o
: Others.<what>
: Which permissions to change.
r
: Reading.w
: Writing.x
: Executing for files, browsing for directories.X
: Like x
if x
set for user/owner of the file.<directory>
: Absolute or relative directory name.
permissionerc
or permissionerd
.Example:
tree nobody fileshare ug+rwX shared
tree nobody fileshare u+rwX,g+wX,g-w shared/perm
The permissioner client is a simple binary that reads the config file and sets the ownerships and permissions according to the directory tress configured in it once.
Call syntax:
bin/permissionerc <config file>
The permissioner daemon set ownerships and permissions repeatedly.
Call syntax:
bin/permissionerd <config file>
The daemon will execute the following actions in a loop:
The daemon continues to run until it receives an interrupt (SIGINT
) or
termination (SIGTERM
) signal.