Sharing data: Difference between revisions

Having to share some but not all of your data with a colleague or another research group is a common occurrence. Compute Canada systems provide a variety of mechanisms to facilitate this data sharing with colleagues. If the person you want to share the data with is a member of the same research group as you, then the best approach may be to make use of the [[Project_layout | project space]] that each research group has in common; if your research requires the creation of a group on one of the national clusters, you can request this by contacting [[Technical support|technical support]] since users cannot create their own groups. At the opposite extreme, if the person you need to share the data with doesn't even have an account on the cluster, you can use use [[Globus]] and in particular what is called a [[Globus#Globus_Sharing | shared endpoint]] to share the data. To handle the scenario of sharing with a colleague who has an account on the cluster but doesn't belong to a common research group with you, the simplest approach is to use the permissions available in the filesystem to share the data, the principal topic of this page.  

Like most modern filesystems, those used on Compute Canada clusters support the idea of permissions to read, write, and execute files and directories. When you attempt to read, modify or delete a file, or access a directory, e.g. with <tt>cd</tt>, the Linux kernel first verifies that you have the right to do this. If not, you'll see the error message "Permission denied". For each filesystem object (file or directory) there are three categories of users:  

When dealing with a shared directory where multiple users have read, write and execute permission, as would be common in the [[Project_layout | project space]] for a professor with several active students and collaborators, the issue of ensuring that an individual cannot delete the files or directories of another can arise. For preventing this kind of behaviour the Unix filesystem developed the concept of the [https://en.wikipedia.org/wiki/Sticky_bit sticky bit] by means of which the filesystem permissions for a directory can be restricted so that a file in that directory can only be renamed or deleted by the file's owner or the directory's owner. Without this sticky bit, users with write and execute permission for that directory can rename or delete any files that it may contain even if they are not the file's owner. The sticky bit can be set using the command <code>chmod</code>, for example

In the summer 2019, we discovered that the default <code>umask</code> was not the same on all Compute Canada servers. On October 16th, 2019, we changed the default <code>umask</code> on these three servers to match the one from Graham. The default <code>umask</code> changed as follows:  

The file permissions discussed above have been available in Unix-like operating systems for decades now but they are very coarse-grained. The whole set of users is divided into just three categories: the owner, the group, and everyone else. What if you want to allow someone who isn't in a group to read a file - do you really need to make the file readable by everyone in that case? The answer, happily, is no. Compute Canada's national systems offer ''access control lists'' (ACLs) to enable permissions to be set on a user-by-user basis if desired. The two commands needed to manipulate these extended permissions are  

<br />2. When you receive confirmation from Compute Canada Support that the group has been created, go to [https://ccdb.computecanada.ca/services/ ccdb.computecanada.ca/services/] and access it:<br />