[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#14283: RFE: ls should display presence of capabilities on a file

From: Pádraig Brady
Subject: bug#14283: RFE: ls should display presence of capabilities on a file
Date: Fri, 01 Aug 2014 12:54:14 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

On 04/27/2013 10:35 AM, Pádraig Brady wrote:
> severity 14283 wishlist
> On 04/27/2013 03:26 AM, Linda Walsh wrote:
>> Just as 'l's displays the presence of access lists by putting a
>> '+' after the normal mode-bits, perhaps it could put a '^' after
>> mode-bits to indicate capabilities are set.
>> I'm aware that if I'm on a color terminal I can get an indication
>> of this, but color is often off (run through pipes, or not on
>> color term, or by default).
>> for SUID/GUID one gets an indicator of s/S in the modebits, so
>> thought '^' might be reasonable to indicate cap-elevation bits?
> Yes, in general colors aren't a good mechanism to indicate permissions.
> I prefer to highlight portions of the permissions string,
> which is more direct and obvious. See http://www.pixelbeat.org/scripts/l
> But we have to be a bit careful adding to the permissions string,
> for compat reasons etc. I do like the idea of ^ (hat) => cap.
> You could even be fancy and use combining hat (\u0302) so
> as to not take up any more place, though combining char support
> is not currently supported well enough to allow that I think.
> We'll consider it,

There is also the performance issue to consider here.
Currently only can disable coloring or just capability coloring,
which will disable the capability lookup.
This was seen to significantly impact performance:

  $ mkdir testcap
  $ cd testcap
  $ seq 10000 | xargs touch

  $ time ls --color -l >/dev/null
  real 0m0.150s
  $ time LS_COLORS=ca=: ls --color -l >/dev/null
  real 0m0.116s

Though the overhead is decreasing over time:

  Fedora  8 = 30%
  Fedora 15 = 24%
  Fedora 20 = 14%

So I'm leaning towards leaving this enabled now in --long mode
thus allowing to set the permissions flags appropriately.

So what to set? Well we only have a single byte to play with.
Currently we have '.' meaning only SELinux, and '+' meaning anything else.
So I'm thinking we should also have capabilities significant
for outputting the '+'.

This is also tracked at http://bugs.debian.org/756712


reply via email to

[Prev in Thread] Current Thread [Next in Thread]