No edit summary |
(Marked this version for translation) |
||
Line 6: | Line 6: | ||
If the person you want to share your data with has an account on the server in question then the simplest approach is to use the permissions available in the filesystem to share the data. An alternative for sharing data and one which will permit sharing with individuals who don't have an account on the server, is to use [[Globus]] and in particular the idea of a [[Globus#Globus_Sharing | shared endpoint]]. | If the person you want to share your data with has an account on the server in question then the simplest approach is to use the permissions available in the filesystem to share the data. An alternative for sharing data and one which will permit sharing with individuals who don't have an account on the server, is to use [[Globus]] and in particular the idea of a [[Globus#Globus_Sharing | shared endpoint]]. | ||
==Filesystem Permissions== | ==Filesystem Permissions== <!--T:1--> | ||
<!--T:2--> | |||
Like most modern filesystems, those used on the servers of Compute Canada support the idea of permissions to read, write, and execute files and directories. When you attempt to read, modify or delete a file, or access a directory, e.g. with <tt>cd</tt>, the Linux kernel first verifies that you have the right to do this. If not, you'll see the error message "Permission denied". For each filesystem object (file or directory) there are three classes of users: | Like most modern filesystems, those used on the servers of Compute Canada support the idea of permissions to read, write, and execute files and directories. When you attempt to read, modify or delete a file, or access a directory, e.g. with <tt>cd</tt>, the Linux kernel first verifies that you have the right to do this. If not, you'll see the error message "Permission denied". For each filesystem object (file or directory) there are three classes of users: | ||
# the object's owner --- normally the user who created the object, | # the object's owner --- normally the user who created the object, | ||
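Review bot: In the T:2 paragraph, "read, modify or delete a file" reads as if deletion is checked against the file's own permissions, but removing a file is controlled by write and execute permission on the directory that contains it. Since this unit is now going to translators, consider rewording it first, for example by dropping "or delete" here and covering deletion where directory permissions are discussed, so that readers who make a shared directory group-writable understand that group members may then be able to remove files in it.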
Line 14: | Line 15: | ||
Each of these classes of users may have the right to read, write, or execute the object. Three classes of users times three types of permission means there are nine permissions associated with each object. | Each of these classes of users may have the right to read, write, or execute the object. Three classes of users times three types of permission means there are nine permissions associated with each object. | ||
<!--T:3--> | |||
You can see what the current permissions are for a filesystem object with the command | You can see what the current permissions are for a filesystem object with the command | ||
{{Command|ls -l name_of_object}} | {{Command|ls -l name_of_object}} | ||
which will print out the permissions for the owner, the group, and everyone else. For example, a file with permissions <tt>-rw-r--r--</tt> means the owner can read it and write it but not execute it, and the group members and everyone else can only read the file. You'll also see printed out the name of the object's owner and the group. | which will print out the permissions for the owner, the group, and everyone else. For example, a file with permissions <tt>-rw-r--r--</tt> means the owner can read it and write it but not execute it, and the group members and everyone else can only read the file. You'll also see printed out the name of the object's owner and the group. | ||
<!--T:4--> | |||
To change the permissions of a file or directory you can use the command <tt>chmod</tt> along with the user class, a plus or minus sign indicating that permission is granted or withdrawn, and the nature of the permission: read (<tt>r</tt>), write (<tt>w</tt>) or execute (<tt>x</tt>). For the user class we use the abbreviations <tt>u</tt> for the owner (user), <tt>g</tt> for the group and <tt>o</tt> for others, i.e. everyone else on the machine. So a command like | To change the permissions of a file or directory you can use the command <tt>chmod</tt> along with the user class, a plus or minus sign indicating that permission is granted or withdrawn, and the nature of the permission: read (<tt>r</tt>), write (<tt>w</tt>) or execute (<tt>x</tt>). For the user class we use the abbreviations <tt>u</tt> for the owner (user), <tt>g</tt> for the group and <tt>o</tt> for others, i.e. everyone else on the machine. So a command like | ||
{{Command|chmod g+r file.txt}} | {{Command|chmod g+r file.txt}} | ||
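Review bot: In T:3, "ls -l name_of_object" is presented as working for any filesystem object, but when the object is a directory this lists the directory's contents rather than the directory's own permissions. Suggest adding that "ls -ld name_of_directory" shows the permissions, owner and group of the directory itself, before the text is frozen for translation.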
Line 26: | Line 29: | ||
grants everyone on the machine the right to read file.txt. | grants everyone on the machine the right to read file.txt. | ||
<!--T:5--> | |||
It's also common for people to use "octal notation" when referring to Unix filesystem permissions even if this is somewhat less intuitive than the above symbolic notation. In this case, we use three bits to represent the permissions for each category of user, with these three bits then interpreted as a number from 0 to 7 using the formula (read_bit)*4 + (write_bit)*2 + (execute_bit)*1. In the above example the octal representation would be 4+2+0 = 6 for the owner and 4+0+0 = 4 for the group and everyone else, so 644 overall. | It's also common for people to use "octal notation" when referring to Unix filesystem permissions even if this is somewhat less intuitive than the above symbolic notation. In this case, we use three bits to represent the permissions for each category of user, with these three bits then interpreted as a number from 0 to 7 using the formula (read_bit)*4 + (write_bit)*2 + (execute_bit)*1. In the above example the octal representation would be 4+2+0 = 6 for the owner and 4+0+0 = 4 for the group and everyone else, so 644 overall. | ||
<!--T:6--> | |||
Note that to be able to exercise your rights on a file, you also need to be able to access the directory in which it resides. This means having both read and execute permission ("5" or "7" in octal notation) on the directory in question. | Note that to be able to exercise your rights on a file, you also need to be able to access the directory in which it resides. This means having both read and execute permission ("5" or "7" in octal notation) on the directory in question. | ||
<!--T:7--> | |||
You can alter these permissions using the command <tt>chmod</tt> in conjunction with the octal notation discussed above, so for example | You can alter these permissions using the command <tt>chmod</tt> in conjunction with the octal notation discussed above, so for example | ||
{{Command|chmod 777 name_of_file}} | {{Command|chmod 777 name_of_file}} | ||
means that everyone on the machine now has the right to read, write and execute this file. Naturally you can only modify the permissions of a file or directory you own. You can also alter the group by means of the command <tt>chgrp</tt>. | means that everyone on the machine now has the right to read, write and execute this file. Naturally you can only modify the permissions of a file or directory you own. You can also alter the group by means of the command <tt>chgrp</tt>. | ||
<!--T:8--> | |||
The file permissions discussed above have been available in Unix-like operating systems for decades now but they are very coarse-grained. The whole set of users is divided into just three categories: the owner, the group, and everyone else. What if I want to allow a single user who isn't in my group to read a file? Do I really need to make the file readable by everyone in that case? No. The Compute Canada's national systems offer "access control lists" (ACLs) to enable permissions to be set on a user-by-user basis if desired. The two commands needed to manipulate these extended permissions are | The file permissions discussed above have been available in Unix-like operating systems for decades now but they are very coarse-grained. The whole set of users is divided into just three categories: the owner, the group, and everyone else. What if I want to allow a single user who isn't in my group to read a file? Do I really need to make the file readable by everyone in that case? No. The Compute Canada's national systems offer "access control lists" (ACLs) to enable permissions to be set on a user-by-user basis if desired. The two commands needed to manipulate these extended permissions are | ||
* <tt>getfacl</tt> to see the ACL permissions, and | * <tt>getfacl</tt> to see the ACL permissions, and |
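Review bot: In T:7, the only octal example is "chmod 777 name_of_file", which makes the file writable and executable by every user on a shared system; on a page about sharing data, a narrower mode such as 640 (owner read and write, group read) would illustrate the notation without modelling world-writable files. In T:6, reaching a file whose name you already know needs only execute permission on its directory, with read needed to list the contents, so "both read and execute" overstates the requirement. T:8 also contains "The Compute Canada's national systems", which should read "Compute Canada's national systems" before translators pick the unit up.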