I have been playing around with chmod, chown, setfacl and special bits trying to get multiple system/full users in same group correct access permissions to my media collection.
But I’ve messed it up somehow and now I’m having weird problems that are hard to track.
I would like to set my whole collection back to the defaults.
What is the best way to do this?
One problem I’ve had when making changes to so many files is the process seems to go forever without completing. Eventually it gets killed so my filesystem has variable attributes throughout. how can this be worked around?
I want everything to be owned by myuser, group media, everything else default I will sort it from there once I have a fresh slate.
And is there a way to backup these attributes only? I don’t have enough storage to backup the files themselves.
It is Debian with ext4 filesystem.
Edit to add: Media collection is on its own separate drive/filesystem; this has no impact on anything else on the computer.
Restore from backup. No point in trying to figure out what changed, how and where.
that sounds to ge good advice, but I’m pretty sure they would yave done that themselves, if they had a backup.
and, if you read the whole post, you’ll know that they are physically unable to keep a backup.
deleted by creator
I want everything to be owned by myuser, group media
Wait, “everything?” Yeah, that’s probably contraindicated. You don’t want to be changing ownership of stuff in, say, /etc or /bin or whatever to your user. For the most part, stuff in those locations should be owned by root:root. If there are exceptions (things that should be owned by root:<something else>), the package manager will make sure they’re set as they should be.
No no, sorry. Just on the specific filesystem which only contains media files.
As root:
cd /filesystem/in/question chown myuser:media -R /filesystem/in/question find -exec chacl -B -- {} + find -exec chmod 644 -- {} + find -type d -exec chmod 755 -- {} +Is there a reason to run
find -exec chmod 644 -- {} +rather than
find -type f -exec chmod 644 -- {} +?
I’m not familiar with
chacl(“change the access control list of a file or directory”). Is is similar tosetfacl(“set file access control lists”)? A matter of preference/habit?It seems like
-Bdoes “Remove all ACLs”. Which I guess is what I am asking for? Files on linux are OK to have no ACLs?About the
find ... {} +, I see{} +runs the specified command on the selected files, but the command line is built by appending each selected file name at the end; the total number of invocations of the command will be much less than the number of matched files.
So does it wait until it has found all the matches to run the command as a giant batch instead of running it as it finds matches?
chacl is from IRIX, and is included for backward compatibility afaik. setfacl is the more common command.
setfacl -bis the same aschacl -BIIRCSo does it wait until it has found all the matches to run the command as a giant batch instead of running it as it finds matches?
almost. it runs the command in batches, if you have few enough files it may only run it once. this shouldn’t make it slower, but actually faster.
and yes, linux does not use ACLs by default.
on ext4 usage of ACLs is not even enabled by default, but only if you set it up with the right mount optionon ext4 usage of ACLs is not even enabled by default
Is that the case? One reason I included the information is because I found conflicting info and I am unsure. I specifically recall reading it is default on ext4 but not ext3.
aclis specified as a default mount option when creating an ext2/3/4 filesystemThis SE thread has a coment dated 2015:
Recent distro have ACL mount option included by default (since kernel 2.6). So it’s not mandatory to redefine it in /etc/fstab (or similar). Non exhaustive list of filesystems concerned: ext3, ext4, tmpfs, xfs and zfs .
I don’t think I have read anywhere it is not default for ext4, only for earlier exts.
oh, that’s right, sorry. it must have changed in recent years.
so I haven’t either found a definitive answer to whether it is a default mount option, but the closest I found is almost it:
man mountsays to look inman ext4, and there itsays the defaults are determined by the filesystem superblock.the superblock’s settings can be viewed with
tune2fs -l /dev/your_blockdev, and according to the “default mount options” line I indeed have acl enabled by default on all my ext4 filesystems.so in the end, the default is determined by the tool that makes the filesystem.
mkfs.ext4reads them from/etc/mke2fs.confif not overridden with an argument. on my system tue acl option is right there in this file.and that also means that this depends not on your current system, but on the system where the filesystem was created.
So does it wait until it has found all the matches to run the command as a giant batch instead of running it as it finds matches?
Indeed. If possible, it is typically what you want (as opposed to
find ... -exec ... {} \;which runs command for each found file) since it will run faster. You wantfind ... -exec ... {} \;if the command you’re executing can run on single file only or you’re dealing with legacy system without-exec ... {} +support.
To back them up, perhaps cp -r --preserve=xattrs --attributes-only (or --preserve=all if you don’t want only xattrs)
Wouldn’t that back up the media files themselves also, not just the attributes?
Not with --attributes-only.
I mean, too late for you now. But I have a script that backs up just the permissions and owners for a given folder hierarchy.
I use it because I backup to a cloud backup platform that doesn’t save them. So these files are backed up with the data so the files and permissions/owners can be restored in an emergency.
But you could of course also use the file to restore permissions after a user generated mistake too.
can you share the script?
Yeah. Only on my phone right now but will get it and post here later/tomorrow.
What have you been trying to do exactly? I’ve got into plenty of permissions messes in the past, and my gut feeling is that you might be overcomplicating things here
I think the main issue was that various applications that are involved have their own user account, but you put all those users in the
mediagroup so they are all supposed to be able to access each others files. But when they would create a new file, it never gets chowned to:media, it is only owned by the group of the creating system user. I was trying to manage it so that all files owned by userjellyfinwould also be modifiable bymyuser.I wanted this to be managed correctly by the file system or something but maybe once I can get a fresh slate, just make a script that constantly runs to
chown -R :mediamight be more straightforward.Don’t do that. I’ve done worse, but that’s no excuse. You need to use the setgid bit (
chmod g+s) of the parent folder and then look into the umask config option for whichever of your applications are creating files/directories… and what umask even is ofc lolI did try to setgid thing but maybe it made things worse and not better.
what umask even is ofc lol
my conclusion also… I did kind of get to the understanding that the correct way to do this is with umask but everytime I think “I’m just going to sit down and learn about umask” I immediately am forced to admit defeat and give up. Which is why I didn’t make a post about solving the original problem, rather just to try to dig out my current hole first.
Well sudo find ${path} -type d exec chmod 750 {}; to fix the folders first Then sudo find ${path} -type f exec chmod 640 {}; to fix the files
After that sudo chown -Rv my user:media ${path} and everything should be sorted
If you use u+rwX style syntax instead of 755, the capital x will only apply to folders. Then you can do it all in one command and don’t need find.
Xapplies to directories and executable files. Presumably, OP wants to clear the executable bits from any files and+Xwon’t do that.Right because there are no legitimate executable files in this set. So it is OK to blanket remove x from any files tat have acquired it.
But I need x on directory, because that’s required to enter/read the directory. If I understand properly.
But I need x on directory, because that’s required to enter/read the directory. If I understand properly.
That’s why bacon listed
find ${path} -type d exec chmod 750 {};as first command. See also my reply.You need x on directories and executable files.
Honestly tho you could leave x on absolutely everything and probably be fine. Just pull it off your media / untrusted downloads.
When I was getting myself into this mess, I found different opinions about whether it’s faster to find, them modify attributes for only those files which require it, OR if you should just modify the attributes of all files en masse.
I tried both ways and they both took a very long time; didn’t do any objective comparison.
Not every version of chmod supports that and you really don’t want your media files to be executable
Why not?
An mp3 or a pdf has no business doing anything. The whole point of file permissions is to prevent the user from accidentally doing stuff they don’t mean to do.
If you downloaded a malicious file that had some code in it, you could accidentally execute the code. Or maybe some legitimate code that means one thing in the file format but a different thing when executed accidentally.
Even excluding the possibility of malice, I think it would screw up things like tab completion to have every file be an executable. Or if I double click in the GUI file manager, will it try (and fail) to run the .avi as an application instead of opening in VLC?
I’m sure you could get a more comprehensive answer if you post a new thread or search on the web.
my version does support it, it’s fine
if it wasn’t supported shouldn’t it throw an error or do nothing? or in other versions is
Xa synonym tox?
One way could be to grep your history, then compare the matches against a distro source?
It’ll be tedious if it’s lots, but might be a solution if you don’t have a backup.
It’s hard to sort out what happened because some tasks completed, others didn’t. Some commands were following symlinks, others weren’t. Some files already had permissions that prevented the current user from modifying them so were untouched. And some files have been moved. There is no way to sort it out from the history.
There are no “defaults”. If it’s just media, and you don’t care who can read it:
chmod -R 755 /your/directoryThat sets your user to full access, and all other users to read and execute whatever files are in there. That’s as close to a default as you can get. Switch it to 744 for strict read-only for other users aside from yourself.
