sontek ( John M. Anderson )

A lot of Linux/openSUSE users aren’t aware that there are more to file system permissions than the obvious Owner, Group, Other / Read, Write, Execute setup.

All major Linux file systems (ext3, reiserfs, etc) support access control lists (ACL) and its very easy to use them.

To see if a file or directory has an ACL set on it, you can use ls:

inspidell:~ # ls -ld /home/sontek

You’ll get output similar to this:

drwxr-xr-x+ 55 sontek users 4096 Jul  4 13:42 /home/sontek

The + at the end of the permissions means that we are using extended permissions (ACL’s). To get the list of ACL’s on the file/directory, run the getfacl <file> command.

inspidell:~ # getfacl /home/sontek
getfacl: Removing leading '/' from absolute path names
# file: home/sontek
# owner: sontek
# group: users
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group:users:---
default:mask::r-x
default:other::r-x

This shows both the ACL’s and the basic Linux permissions.

To modify or set ACL’s you use the setfacl command. Here are a few examples of how to use it:

Grant a single user read access to a directory in your home directory.
setfacl -m u:mom:r /home/sontek/photos

Remove all access from a group on a file
setfacl -x g:developers payroll.xml

You can also copy a set of permissions from one file to another
getfacl file1 | setfacl --set-file=- file2

Remove all ACL’s
setfacl -k /home/sontek

For those of you who are not console jockey’s, you’ll realize quickly that the default nautilus setup doesn’t have a way to view, modify, or add any ACL’s, to get this support you’ll need to install two packages, with opensuse you do this with zypper:

inspidell:~ # zypper in eiciel nautilus-eiciel

Before the ACL permissions show up in nautilus, you’ll have to restart it:

inspidell:~ # pkill nautilus

After this, you’ll be greeted with a very easy to use dialog for modifying ACL’s:

another great nautilus permissions tip I learned from Christer Edwards is to enable advanced permissions in nautilus, this is a much better UI for managing permissions and should probably be the default.

gconftool-2 --type bool --set /apps/nautilus/preferences/show_advanced_permissions True

A screenshot of this in action:

I hope this helps you better secure and manage your computer with the more advanced features your Linux file systems both from console and inside GNOME.

Ever run system updates in Linux (i.e openSUSE) and get a package that doesn’t seem to be changed and wonder why the update was pushed? Or just interested in following the latest changes to some of your favorite Linux packages?

With rpm you can view all the latest changes in an easily to read format. To get the changelog of a package with rpm you do the following:

$ rpm -q --changelog <package> | less

replace <package> with whatever ever package you would like to see the changelog for (i.e rpm -q –changelog banshee-1 | less)

This is for rpm based Linux distributions (i.e openSUSE, Redhat)

When you are working with the source of a new package on openSUSE and aren’t familiar with all of its dependencies, it gets quite annoying running the normal Linux autconf commands–./autogen.sh, install missing dependency, rinse, wash, and repeat–until you finally have everything you need installed.

zypper makes this easy for us with the following command:

$ sudo zypper si -d <package>

You replace <package> with whatever package’s build dependencies you need.

I’ve been having a lot of stability issues with openSUSE 11.0 lately and the majority of them boiled down to audio.

Here is a list of a few:

1. VLC required root to have audio, wtf?
2. Sound would crash after listening to any audio for an extended period of time (music, video, flash).
3. If my audio crashed, Firefox could not start up until I did rcalsasound restart
4. Some videos were slow/choppy.

So, you are probably asking, how did I fix all these issues?

zypper rm alsa-plugins-pulse
zypper addlock alsa-plugins-pulse

This removes the alsa plugin for pulse and locks it so it will never install again. Without the alsa plugin installed, the apps go back to using alsa directly. This has fixed every issue I’ve had with openSUSE 11.0 so far.

Great news! The official openSUSE forums are finally here, combining the awesome communities from suseforums.net, suselinuxsupport.de and the openSUSE support forums at forums.novell.com.

If everyone could try to spend a half hour each day browsing the forums to help new users, it would benefit the whole community. openSUSE is growing fast and these forums fill a huge gap in our community for new users.

Without further adieu, http://forums.opensuse.org/

Coolo was nice enough to leak us the RC2 LiveCD’s for openSUSE 11.0 RC2, please download and do final testing to make sure we have the best openSUSE release. Get them here

Features to test can be found here and as always, check most annoying bugs.

Tonight we are having our first openSUSE User Group meeting, we’ll be discussing 11.0 Beta 2.

* Date/Time: Tuesday, May 6, 2008 @ 7:00pm.
* Location: Applebees, 105 E 12300 S, Draper, UT
* Google Maps: Click Here

You can get more information on the group here.

In response to Herlo’s reviews of openSUSE here and here , I thought I’d give Fedora 8 a shot and give an openSUSE user’s perspective.

Lets start with the bad:
First, during the installation it detected my video resolution wrong (nvidia 6800gt) so I had to do my installation without being able to read most of the screen (didn’t see any easy way to switch to text mode, I was using PXE). I did not have this issue with Ubuntu or openSUSE 10.3 on the same computer but I tried a different computer with an Intel video card and couldn’t reproduce the error.

Second, for some reason the nspluginwrapper was installed by default and caused Firefox to be extremely unstable and crash on any website that had embedded audio or video, once I removed the package Firefox became much more stable. Having it installed by default really made no sense because the computer I was running was a 32-bit system and the point of nspluginwrapper is to allow PPC and AMD64 users to run 32-bit plug-ins.

Third, codecs (mp3, video) were not easily installable. I understand that Fedora can’t include these in the distribution but I would’ve loved an easy way to retrieve them. I had to add extra repositories manually (after googling and finding which ones I needed) and then install them. In openSUSE the community repositories are readily available in yast and all I have to do is enable them, there is also the 1-Click install so you do not have to locate/add any repositories. Codecbuddy is a noble attempt but I would like more options than Fluendo.

Fourth, Flash was not readily available (it comes by default in openSUSE 10.3) and I had to search around the Internet (again) for a repository that included it. Luckily Adobe does provide a Fedora specific repository but I think this repository should be included by default in Fedora (or easily enabled).

Fifth, By default Fedora has chosen the iwlwifi drives for my Intel wireless which is great because its a completely open source driver that does not require a service running. But there are some known bugs in this driver and required me to modify my home network so I could connect to it and I can’t connect to my work network at all. This decision would not bother me except that they do not provide the closed ipw3945 drivers in the repositories as an alternative (openSUSE 10.3 provides iwl as an alternative in the repos).

Sixth, I’ve eluded to this a few times already but openSUSE 10.3 provides many community repositories in yast ready to be enabled but it’s also easy to add and find new ones through webpin and the openSUSE build service and add them quickly through yast/zypper. With Fedora it is a little more complicated to locate and add repositories.

Seventh, Most of the system-config-* applications required a running X server, so I was not able to manage my computer remotely with the provided tools. (boot, date, network, packages, printer, selinux, services, time, and users). Not only did they not have a cli/ncurses based interface, some of them even crashed with python errors instead of letting me know I needed X or they gave me a notice that they are deprecated. Why would you want to enforce configuration tools to require X? These tools also did not provide a central “Dashboard” to use them, so a user has to “Just know” what tool to use for the job, they can’t just browse around an easy to use control panel.

Eighth, By default NetworkManager was not on, I can’t think of any reason not to enable NetworkManager by default on a desktop distribution, especially when a wireless network card is available.

Most of the issues aren’t that big of a problem to solve for relatively experienced Linux users but I think they would be show stoppers and scare regular users away from Linux, there are also some issues with Fedora that are more personal preference than bugs:

First, I think clearlooks is a much better theme than the default Fedora one.
Second, I prefer the SLAB menu from openSUSE. Novell did a lot of usability research that I don’t think should be overlooked and even if Fedora doesn’t want to provide it by default, it should at least be in the repositories or an option in the installation. I found it very difficult to find the things I needed, one example was I wanted to modify SELinux to be permissive instead of enforcing, so I went to System->Administration and it wasn’t there, I had to go Applications->System Tools->SELinux Management. What is the difference between Applications->System Tools and System->Administration and why doesn’t SELinux fit in the latter?

Now that we’ve hit the bad and ugly, lets end on a good note?

First, I really love yum over yast’s package management module/zypper. The console output is a lot more detailed and the GTK interface isn’t as invasive as yast’s (yast’s GTK interface takes focus as it runs updates, so its nearly impossible to use the computer while using it). Also, zypper/yast is unbearably slow, I turn auto-refresh off and only update when I know I have time to wait. Yum on the other hand is lightning fast and I wasn’t afraid to use it.

Second, Bluetooth support was enabled by default, although the default configuration didn’t allow me to connect to my phone, its nice to actually have devices detected and ready to be configured out of the box.

So, overall my personal preference is for openSUSE, I think the advantages out weigh the downfalls but at the same time I believe both distros could learn from each other.

Using AutoFS you can have all your network shares automatically mounted (CIFS, SMB, NFS, NIS) rather than defining every share in your /etc/fstab. To do this you just need to setup your /etc/auto.master (this is where it is on SUSE, it can be in a different file on other distros, check /etc/sysconfig/autofs for MASTER_MAP_NAME if its not there) with these lines:

 +auto.master
/net -hosts
/cifs /etc/auto.smb

the /net -hosts part says “mount all NFS shares on the network inside the /net folder”, -hosts is built into AutoFS and will scan your network for NFS shares.  The /cifs /etc/auto.smb says “mount all CIFS shares on the network in /cifs”, auto.smb is an external file AutoFS will read to figure out how to mount the CIFS shares.

So with this configuration you will now have the ability to just change into an nfs/cifs share as if it is already mount, like cd /net/fileserver/music or even list files in the share with ls /cifs/fileserver2/ebooks and it will auto mount the shares as you need them.  If you don’t use the shares for a certain amount of time (you can check /etc/sysconfig/autofs for DEFAULT_TIMEOUT to get the exact time), which allows you to roam network to network aimlessly always getting the shares on that network.

For more information check out the man pages for autofs, automount, and auto.master.

Aaron Toponce has posted up a poll on his blog here and I wanted to cover some of the hypocrisies in the post and express my own feelings.

I think Novell has done nothing but good things for the open source community by employing some of the best and brightest developers around the world to help develop some of the most innovative applications on the Linux desktop (Tomboy, Banshee, F-Spot, Open Office, Evolution, Compiz, AppArmor, and GNOME) and have even more great products coming down the line like Giver and Banter. They also provide us with a great distribution in openSUSE with features that no other distribution has, such as the SLAB menu, openSUSE build service, 1-Click Install and the codecs installer.

They also employ the kernel hacker Greg Kroah-Hartman (the maintainer of PCI, USB, I²C, driver core and the sysfs kernel) and are allowing him to improve hardware compatibility in Linux by running the Linux Driver Project.

So, to cast my vote, It would be a dream come true to work for such a great company like Novell.

And in response to his poll:

1. Novell has made a reputation for itself by laying off employees at a whim, with the AppArmor devs being the most recent example.
   1. Sun does the same thing, its part of owning a large corporation. And there are many reasons for layoffs, it doesn’t make anyone evil.
2. Sun has opened up nearly all of it’s Solaris operating system. Coming from a Solaris background in the early days, this is cool.
   1. How is “nearly” open source better than being completely open source like Novell is with SUSE?
3. Even though Novell apologized to the community for its agreement with Microsoft, knowing that they could be swallowed up any day now by the Redmond giant makes me nervous.
   1. Sun made a deal with Microsoft years ago:
      http://www.sun.com/aboutsun/media/features/sun_microsoft.html
      http://www.microsoft.com/presspass/press/2004/apr04/04-02SunAgreementPR.mspx
4. Sun seems to have a promising future, where Novell seems to be riding the razors edge. I guess time will only tell there, however.
   1. This is just FUD/speculation, but I would have to disagree, openSUSE is looking better than ever and same goes with the rest of the products developed at Novell, I think nothing but great things are to come from them.
5. Sun has said, that if Microsoft goes on a patent litigation rampage, Sun will pull out it’s portfolio protecting Linux users.
   1. Novell has a policy for this http://www.novell.com/company/policies/patent/ and since a majority of their business is invested in Linux and Open Source, why should we doubt them? Especially when they haven’t done anything to make us doubt them.

I would also recommend reading this article which describes the SuSE take over by Novell and how they have helped the open source community.