Setting permissions / ownership

Background context (Questions further down)

One of the things that irks me about modern OSs is that they are based around multiple users, and have convoluted layers of permissions and ownerships for files and folders related to users, groups, and combinations of all that. As far as I know, the data isn't stored in files themselves as metadata, or in the OS (equivalent of the registry), but somehow on the drive in a hidden section, governed by the formatting system (NTFS, ext4 etc).

Obviously none of that complicated ownership/permissions setup is relevant to a single-user PC, but as far as I know, no modern OSs include a single-user option at install which disables all of that (which would be my preference). I use my PC exactly the same as I used my Amiga: I turn it on, I get to my desktop. I expect to be able to make changes to my PC with full ownership of my files (documents, pictures, installable programs etc), even if I got a new PC and accessed files created on the other one. There are no users or groups. (Obviously it's fine for system files created by the OS to have restrictions, I am only talking about my personal files, mostly stored on a separate drive.)

For a user like me, none of the ownership/permissions thing has any relevance to how I use my PC; conversely, it can cause problems. I'll give two quick examples.

  • Recently I accidentally broke the ability to boot into Linux. (Doh!) My separate data drive would be fine even if I had to reinstall Linux, but obviously I'd lose anything on the Linux drive - my work files on the desktop, my Thunderbird profile and emails etc. I tried to restore the boot menu with no success by booting to a Linux recovery OS from USB option (it just gave options and errors I didn't understand). So, I had the bright idea to USB boot to live Zorin, then use Nautilus to copy the desktop and Thunderbird files to a USB stick so I could reinstall the OS and copy them back. Except when I tried to do that, Linux refused: it gave errors about not having ownership/permission, and wouldn't let me access my own files. Argh! The unwanted user/permissions/ownership system was causing me problems in using my own PC. (It's also another reason why I hate default "user" folders and use them as little as possible.)
  • Another example is from Windows (but may well apply to Linux). I keep my personal files on a separate internal drive. It's easy to back up, and means I can reinstall an OS with no issue. However, the data files have been created over years on different PCs, different operating systems, different user names. Some files come from other people, or are edited by other people (e.g. documents I'd emailed to my editor to mark up and return). They'd all also been transferred between backup drives and the internal hard drive. Along the way these moves have probably created different permissions and ownerships. But I started running into problems when restoring or backing up files to an external drive after moving from Windows XP to Windows 7 (and an NTFS-formatted drive). My synchronisation software was failing on some files with an "Access is Denied" message. They weren't encrypted or read-only. I had another problem with MP3 tagging software giving vague errors, and another didn't let me rename some files. I then spent weeks trying to work it out and alter permissions, and eventually some combination got rid of those problems, but it was a waste of time and didn't preclude further problems with other files and folders. There seemed to be no reset button to just make every file and folder have full, simple permissions (or just delete the whole permissions system). And there's obviously no way to individually check and compare the combinations of ownerships and permissions for different categories for over 100,000 files.

Since I don't have the option of disabling this feature, I just want to make it as invisible as possible, hence my questions below, to achieve that end.

NB that when I last asked something like this I had my Data drive as NTFS, so both Windows and Linux could access the data. Although that had many advantages for me, people pointed out that it could be the cause of some unexpected behaviours when using my files in Linux. I had read loads of articles about dual booting Windows and Linux prior to making the move, and none of them ever covered dealing with a shared data drive (which seems to be an element I would have thought was fairly common in dual use setups, especially for people transitioning from Windows to Linux.) There's definitely a need for basic user guides covering things like this! Anyway, I decided to give up some of the convenience in an attempt to make the Linux experience better. I partitioned the data drive into two. I left half as NTFS for the files I need in Windows (mostly 3D rendering assets) but also letting the NTFS drive act as a way of sharing personal files between the two OSs without needing to bother with a USB stick. The other partition is now ext4, and contains 95% of my personal files. Obviously Windows can't see any of those, so I have to plan ahead if I want to work on any of them while in Windows doing a complex 3D render in the background. But, on the plus side, it should make it easier to work with my files and folders in Linux. So everything here is just about ext4!

Questions

1> When I reinstall any operating system I choose the same username of NA, in the hopes that the OS will see all the files I created previously (on another OS/install with the same username NA) as still being "mine". Or is that a red herring that makes no difference?

2> Ideally anything in the users/home folders would have the same permissions as my own files on the separate internal data drive. However, is there an option to set the Desktop as existing on my separate ext4 data drive along with all my other data? So that when I do backups I would just synchronise the backup with that single data drive, rather than doing two processes (one for the drive, one for the Desktop stored on the OS drive)? If my Desktop and personal files were all on my data drive that could simplify a lot of things. (It may even fix the weird issue that currently the behaviour of moving a file between two ext4 drives is different depending on the direction - if I made this change, the Desktop and my user files would be on the same drive, so it might be more seamless.) Is it possible to make Zorin use a folder on the other ext4 drive as my Desktop? Could there be any unintended problems?

3> For now I'll work on the assumption that 2 is possible, so then I have a scenario where all the data I care about backing up (so that includes anything on my Desktop) is on a single ext4 hard drive partition. Assuming I reinstalled an OS on the OS drive, or got a new PC with a new OS (and used a backup to put all my data on the data drive), is there a simple procedure to make sure everything on the data drive is owned by me, with full rights, so that I don't run into problems? Either a command or GUI setting that would apply to a drive or folder and apply recursively to every file and folder on the drive? If so, that should make the permissions system invisible to me after doing that step.

Thanks!

You can take ownership of the files/dirs by opening terminal, type: sudo -i. This will give you a root prompt. Then type: nautilus (if in gnome) or thunar (if in xfce) and hit enter. Leave the terminal open and you will see the file explorer open. You can navigate to those files, right click, properties, change owner, or set permissions to allow others full access.

As annoying as it is, this is there for security, and one of the main reasons that Linux doesn't get attacked.

How secure is that drive windows has permissions set on? Boot it as a secondary and you can access all the files. Do that on Linux and you may have read permission. Which would you like if someone stole your computer?

The web holds a vast amount of info regarding permissions... maybe even some of the topics here, you'll never know if you don't search. Try "permissions for Ubuntu 20" or "how to make files accessible by other accounts Ubuntu 20". Zorin 16 is based on Ubuntu 20.

Nice book, most of it was pointless.

3 Likes

The one I am reading about Linux? Yes, I'm finding most of it is too basic for me (since it is just about GUIs and apps) though I wanted to make sure I had at least a basic level of understanding. Hopefully my other book will have more info.

I'm afraid I kind of got lost - I read so many articles I was more confused by the end. Many covered changing permissions via commands like chown/chmod (?) but they were for individual files (or folders, wasn't always clear). None seemed to cover what the settings should be, and how to do it for a whole drive rather than a single file, or mentioned any of the problems I'd had. I read a lot of forum posts too on things that seemed similar, but again, the slightly different focus each time meant it was hard to know which bits to pull out. None of them explained how the username you set in an OS affects accessing the files in a reinstall of the OS with the same username, for example (my first query above).

Assuming I can find a way to get my Desktop stored on my HDD (question 2 - so all my work files are on a single drive for ease of backup), that just leaves me scratching my head over #3.

What should the permissions be ideally so that I never get locked out of my own files and folders?
How do I set them for the whole drive? (It's what I would have called D: in Windows.) Are they applied to a drive, or to each root folder separately (and recursively)?

I'll have a look at your sudo command in a moment, many thanks!

I'm a bit confused by this I'm afraid. The drive is what I would have called my D:. I can't boot from it, it just has my personal files on.

As far as I can see, anything done to prevent someone else accessing the data (e.g. via locked down permissions) would also create scenarios where I am also locked out of the data (as in the examples I gave). The only way to prevent me being locked out is to make sure I always have permission to access them, even if I reinstall the OS or get a new PC, or access them via an emergency USB boot of Linux. That's what my goal is. Of course, yes, if someone broke into my house and stole my desktop PC they'd probably have access to the D:, but if the only way to prevent that is to set permissions and restrictions that might also lock me out of my own data, then I'd be worse off. As in, if my PC was stolen, my business would continue the next day - I'd just copy my files to a new PC from my backup drive. Someone else would have my PC, but they wouldn't be able to stop me working. But if I locked things down a lot, maybe they might have more problems accessing my data (or maybe not - they probably know a lot more than me, and have ways round it); but the bigger risk is me having some issue with the backed up data, and not being able to access the files properly because the permissions now think I am a different user on a different PC.

Sorry, it makes my head spin trying to find the right vocabulary/scenario descriptions!

Thanks, I had a quick go, but got lost at "You can navigate to those files, right click, properties, change owner, or set permissions to allow others full access."

There are over 100,000 files on the drive, so I'm not sure how to set the owner and permissions for everything. Can I apply it to the drive itself? Or, if there are x root folders, do I do this on each one, but make it apply to everything within them (files and folders)? If so I could even put each root folder into a single root folder, apply this, then pop them out again.

Also, which settings should I choose to make sure I can access the files fully, even if I access them from an emergency USB Linux boot?

PS Thanks for making time to reply - I am learning a lot, and now feel I am getting close to resolving most of the things that I am adjusting to in switching operating systems. :)

If it's mounted from boot, edit your fstab file and include the octal permission there. Any changes made to the permissions would be overridden by the fstab.

By making it accessible for any os YOU may install, you are essentially saying you don't want any security at all and you are fine with anyone having access to your files. Windows already does this fine. You needn't change anything there. Linux on the other hand, it would require a lot to bypass or disable the security, something I am not comfortable helping you do. It's there for a reason. The entire system is based around it. While it may be inconvenient at times, what you ask would be no different than running a windows machine as administrator (which most do) allowing anything to install or have access without you even knowing (RansomWare anyone).

I'm curious, are you also frustrated by doors, locks and other such inconveniences that keep your physical property safe?

For the most part you have access. If you need to modify something in a directory, you can use sudo for that.

I have been dual-booting windows/Zorin now for two years. I have an ntfs partition mounted as a data share. When writing to the root of the partition it requires a password. Anything else doesn't. I am using the default permissions that the kernel wrote to fstab. I access windows and linux directories without issue, including my windows C: drive.

2 Likes

Apologies, I don't know what that means. I'm after a procedure/command to make sure my personal data files on my data drive (not my OS files on the OS drive) will be fully "owned" by me even if I have to install a new OS, or move to a new PC.

No, they make sense. But the problem with an OS and the concept of a "user" is that each OS has no way of knowing that actually user x on OS 1 and user y on OS 2 are the same person. In reality I am the owner of the data files and folders; but each OS inevitably thinks each "owner" is a different person, so locks the others out.

Suppose each room in my house had a different lock. And if I changed the decoration of my entrance hall, suddenly my keys no longer worked to get into the other rooms. That's what can happen if I try to access my files via another OS. It makes no sense to me, and causes problems. I already couldn't access my files once in the last week due to this.

337harvey wrote: "By making it accessible for any os YOU may install, you are essentially saying you don't want any security at all and you are fine with anyone having access to your files."

Well, all I want is for me to not be prevented from accessing my own personal files - music, documents, pictures etc. I don't know what security settings are required for that. But if I transfer files to my writing laptop or back, I don't want them to be locked as "not mine". If I have to boot via an emergency USB I don't want to be prevented from accessing and backing up my own files. If there is a way of doing that without giving full access to everyone, fine. But as far as I can tell, any scenario that restricts others, also creates potential scenarios where I can't access my own data. That is a far bigger risk for me.

Note that I'm not talking about the OS drive, system files, programs etc - the equivalent of the C:. I am only talking about my own files, the data drive (D:). The default OS file settings would be unchanged, the OS would be applying protection just the same. I just want to make sure I don't lose access to the files my life depends on, just because another OS I install on a different PC (or the same one) thinks I am a different person.

If I have Zorin and Mint dual booting on my PC, I don't want the draft of a novel written on one of them to be restricted when I uninstall that OS and only access the file from the other. Likewise when I transfer the file to my writing laptop, or share a file with an editor, or pass some photos on to my family, or get a new PC and transfer all my files. Any restriction that stops the files working properly in those scenarios is a problem, hence me wanting to make sure that doesn't apply to my personal data files. Over the last 20 years I have installed or reinstalled nine different operating systems across five PCs, sometimes reinstalled more than once, so let's say up to 20 installations. I have transferred my backed up data drive contents to each new one that I use. The last thing I want is to be prevented from accessing and "owning" my own files!

As far as I can tell, the whole permissions and ownership thing is fine on the OS drive (and gets reset to a new user each time an OS is installed); and also fine if someone only ever has one PC and OS. But if applied to personal data files across so many PCs and OSs, then it's bound to cause problems if it (incorrectly) thinks each user is a different person, when really it is the same one, me, Karl Drinkwater.

This is not meant to be a direct answer to your question.

But I just wanted to show you other solutions for such a situation - moving data between/among different machines.

Case 1.
One of our acquaintances had to move his data between 2 households after he divorced. He needed a desktop for his work. He bought a large capacity external HDD and saved his data only on that HDD.

Case 2.
I have a home made NAS (OpenMediaVault) and copy files (photos, video, music, text files, etc) I want to share with my family on it. This is another way to share files provided all machines are connected to the same network.

2 Likes

I guess case 1 is what I do when I transfer my files to a new PC. Whereas if I reinstall the OS or install a new one, my files are already there on the separate data drive - the new OS needs to access them exactly the same as if they'd been created in that OS, not see them as "owned" by someone else and restrict me (which is, I think, what Linux would do by default, as I found out when it stopped me backing up my files via an emergency Linux version).

In a way, this is my central question: how to stop Linux from seeing my files as "owned" by someone else if I access them from a different OS (e.g. a fresh install, new PC, different distro or whatever). And the only way to do that, as far as I can tell, is to make sure the permissions don't restrict the files/folders only to the current OS user.

[Re: case 2 - none of my family are in my house or town, I'm just thinking about general shares via USB sticks, email, Google drive etc - maybe I share my document of recipes or some pictures or something, I wouldn't want them to get blocked from making changes to the files.]

That really surprises me.
Unless those files are saved in HOME directory, there should be no ownership attached to the files in the external drive.

I have a multimedia drive which I can access from any machine I have here (3 laptops + 2 desktops) regardless of the OS on them.

2 Likes

Interesting, none of the stuff I read made that clear. Even in the posts above I thought I was clear that I was mainly referring to my data drive, not my OS drive. Is there any way to confirm that all the files and folders on my data drive have the same permissions and ownership? That's why I thought (due to them being created in so many places over the years) that running a single command on that drive would make sure that everything was fine, every folder and file with the correct permissions. Then, if I can also store my Desktop on that drive in its own folder, I'd be fine. That's what I'm after, making sure that drive is accessible for me from any OS, with no different historic permissions on anything.

You could have your HOME directory on the external drive.
It does not have to be in the default location.

Some users prefer to have a separate partition or a separate drive for their HOME directory.

In this case scenario, each file can have a permission issue since HOME directory is essentially a part of the OS.

But if you never have your external drive in such configuration, there should not be any permission issue. At least that was my experience since the time I used Ubuntu 8.

I have no answer to that question, since I've never experienced this issue myself.
I hope other forum volunteers can answer your question.

1 Like
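
On the question raised above about confirming that everything on the data drive has the same owner and permissions, here is an added example; it is not from any post in this thread. ext4 stores a numeric user and group ID with each file rather than a username, so the script reports and fixes by number. It assumes GNU find on Linux, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit and normalise ownership on a data partition.
# ext4 records a numeric UID/GID per file, not a username, so two installs
# that both use the same login name only agree if the numbers match too.

# List each distinct "uid:gid" pair found under $1, most common first.
owner_summary() {
    find "$1" -xdev -printf '%U:%G\n' | sort | uniq -c | sort -rn
}

# Count entries under $1 that are NOT owned by numeric UID $2.
count_foreign() {
    find "$1" -xdev ! -uid "$2" | wc -l | tr -d ' '
}

# Count entries the owner cannot fully use:
# files missing owner read/write, directories missing owner read/write/search.
count_owner_locked() {
    find "$1" -xdev \( -type f ! -perm -u=rw -o -type d ! -perm -u=rwx \) \
        | wc -l | tr -d ' '
}

# Give the owner full access without widening group/other permissions.
# Capital X adds execute/search to directories, and to files only when
# they already carry an execute bit, so documents do not become executable.
fix_owner_modes() {
    chmod -R u+rwX "$1"
}

# Hand the whole tree $1 to UID $2 and GID $3. Must run as root when the
# files currently belong to another UID (for example from a live USB session).
claim_tree() {
    chown -R "$2:$3" "$1"
}

# Stand-alone use: ./audit.sh /path/to/data/mountpoint
if [ "$#" -gt 0 ]; then
    me=$(id -u)
    echo "Owners found under $1:"
    owner_summary "$1"
    echo "Entries not owned by UID $me: $(count_foreign "$1" "$me")"
    echo "Entries the owner cannot fully use: $(count_owner_locked "$1")"
fi
```

The report is read-only; `claim_tree` and `fix_owner_modes` change the tree and are only called when you invoke them yourself. `-xdev` keeps each `find` on the one filesystem it was pointed at.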

I'm pretty sure your drive is mounted on boot, correct? Open a terminal and type:

sudo gedit /etc/fstab

In the window that opens you are looking for where it is mounted (/mnt/[volume label]), which will be after the uuid (a long number with dashes in it sort of like windows registry keys). You will see a group of 3 or 4 numbers, that is your permissions for the mount. It will have something similar to 007 or 0007, yours may be different. Change this value to all 0's. Save and reboot for it to take effect.

3 Likes

Ah, so permissions/ownership can be applied to a drive (/dev) rather than the folders and files (/mnt)? I'm confused by how the OS can summarise a whole drive if (potentially) the files and folders on it all have different permissions? Sorry if I missed the point there!

Thanks - this is what I see. Wow, that is a lot of codewords! I'm not sure which is my data drive partition, since that appears as /mnt/sda2/Data in Nautilus.
(Yes, the drive is always there when I am in the OS, so is mounted at boot. It's the one I keep all my files on so I use it continuously.)