Managing Network Permissions on Linux Mint with Cinnamon Desktop

sudo apt update
sudo apt install acl attr samba-common-bin nfs-common ldap-utils policycoreutils

# Change owner
sudo chown username:groupname /path/to/network/share

# Change permissions
sudo chmod 755 /path/to/network/share

# Set recursive permissions
sudo chmod -R 770 /path/to/network/directory

# Set directory-only permissions
sudo find /path/to/network/directory -type d -exec chmod 755 {} \;

# Add ACL support to fstab
sudo nano /etc/fstab

UUID=xxx  /  ext4  defaults,acl  0  1

# Add user ACL
sudo setfacl -m u:username:rwx /path/to/resource

# Add group ACL
sudo setfacl -m g:groupname:rx /path/to/resource

# Set default ACLs for new files
sudo setfacl -d -m u:username:rwx /path/to/directory

sudo nano /etc/samba/smb.conf

[share_name]
    path = /path/to/share
    valid users = @allowed_group
    write list = @writers_group
    read list = @readers_group
    create mask = 0660
    directory mask = 0770

# Add Samba user
sudo smbpasswd -a username

# Enable user
sudo smbpasswd -e username

sudo nano /etc/exports

/path/to/share client(rw,sync,no_subtree_check,anonuid=1000,anongid=1000)

# Update NFS exports
sudo exportfs -ra

# Set directory permissions
sudo chmod 755 /path/to/share
sudo chown nobody:nogroup /path/to/share

# Add new group
sudo groupadd network-users

# Add user to group
sudo usermod -aG network-users username

# Set group ownership
sudo chgrp -R network-users /path/to/share

# Set group permissions
sudo chmod -R g+rwx /path/to/share

# Set SGID bit
sudo chmod g+s /path/to/share

#!/bin/bash
# Save as ~/scripts/setup-permissions.sh

USERNAME=$1
SHARE_PATH=$2

# Create user if doesn't exist
if ! id "$USERNAME" &>/dev/null; then
    sudo useradd -m $USERNAME
    sudo passwd $USERNAME
fi

# Add to necessary groups
sudo usermod -aG network-users $USERNAME

# Set up home directory permissions
sudo chmod 750 /home/$USERNAME

# Set up share permissions
sudo setfacl -m u:$USERNAME:rwx $SHARE_PATH
sudo setfacl -d -m u:$USERNAME:rwx $SHARE_PATH

#!/bin/bash
# Save as ~/scripts/audit-permissions.sh

AUDIT_LOG="/var/log/permissions-audit.log"

echo "Permission Audit - $(date)" > $AUDIT_LOG
echo "-------------------------" >> $AUDIT_LOG

# Check directory permissions
find /path/to/share -type d -ls >> $AUDIT_LOG

# Check ACLs
getfacl -R /path/to/share >> $AUDIT_LOG

# Check Samba share permissions
testparm -s >> $AUDIT_LOG

#!/bin/bash
# Save as ~/scripts/monitor-permissions.sh

LOG_FILE="/var/log/permission-changes.log"
ALERT_EMAIL="admin@domain.com"

# Monitor permission changes
inotifywait -m -r /path/to/share -e attrib -e modify -e chmod |
while read path action file; do
    echo "$(date): $action on $path$file" >> $LOG_FILE
    
    # Alert on suspicious changes
    if [[ "$action" == "CHMOD" ]]; then
        echo "Permission change detected: $path$file" | 
        mail -s "Permission Alert" $ALERT_EMAIL
    fi
done

#!/bin/bash
# Save as ~/scripts/access-control.sh

# Check user access
check_access() {
    local user=$1
    local resource=$2
    
    if sudo -u $user test -r $resource; then
        echo "$user has read access to $resource"
    else
        echo "$user does not have read access to $resource"
    fi
    
    if sudo -u $user test -w $resource; then
        echo "$user has write access to $resource"
    else
        echo "$user does not have write access to $resource"
    fi
}

# Monitor access attempts
tail -f /var/log/auth.log | grep "access denied"

#!/bin/bash
# Save as ~/scripts/permission-maintenance.sh

# Check for incorrect permissions
find /path/to/share -type f -perm /o+w -exec chmod o-w {} \;

# Reset directory permissions
find /path/to/share -type d -exec chmod 755 {} \;

# Update group permissions
find /path/to/share -type f -exec chmod g+rw {} \;

# Check and fix ACLs
getfacl -R /path/to/share > /tmp/acls.backup
setfacl --restore=/tmp/acls.backup