Sharing data: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 17: Line 17:


<!--T:2-->
<!--T:2-->
Like most modern filesystems, those used on our clusters support the idea of permissions to read, write, and execute files and directories. When you attempt to read, modify or delete a file, or access a directory, e.g. with <code>cd</code>, the Linux kernel first verifies that you have the right to do this. If not, you'll see the error message "Permission denied". For each filesystem object (file or directory) there are three categories of users:  
Like most modern filesystems, those used on our clusters support the idea of permissions to read, write, and execute files and directories. When you attempt to read, modify or delete a file, or access a directory, e.g. with <code>cd</code>, the Linux kernel first verifies that you have the right to do this. If not, you'll see the error message <i>Permission denied</i>. For each filesystem object (file or directory) there are three categories of users:  
* the object's owner --- normally the user who created the object,
* the object's owner --- normally the user who created the object,
* members of the object's group --- normally the same as the owner's default group, and
* members of the object's group --- normally the same as the owner's default group, and
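Review bot: The error string in the first paragraph is literal output that users will copy and search for, so code markup fits it better than italics and would match how cd is marked up in the same sentence. Italics make it read as emphasis rather than as the exact text the shell prints.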
Line 38: Line 38:


<!--T:5-->
<!--T:5-->
It's also common for people to use "octal notation" when referring to Unix filesystem permissions even if this is somewhat less intuitive than the above symbolic notation. In this case, we use three bits to represent the permissions for each category of user, with these three bits then interpreted as a number from 0 to 7 using the formula (read_bit)*4 + (write_bit)*2 + (execute_bit)*1. In the above example, the octal representation would be 4+2+0 = 6 for the owner and 4+0+0 = 4 for the group and everyone else, so 644 overall.  
It's also common for people to use <i>octal notation</i> when referring to Unix filesystem permissions even if this is somewhat less intuitive than the above symbolic notation. In this case, we use three bits to represent the permissions for each category of user, with these three bits then interpreted as a number from 0 to 7 using the formula (read_bit)*4 + (write_bit)*2 + (execute_bit)*1. In the above example, the octal representation would be 4+2+0 = 6 for the owner and 4+0+0 = 4 for the group and everyone else, so 644 overall.  


<!--T:6-->
<!--T:6-->
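Review bot: The formula (read_bit)*4 + (write_bit)*2 + (execute_bit)*1 and the resulting mode 644 in the octal-notation paragraph are still plain running text; putting both in code markup would separate the literal values from the explanation, as the page already does for commands. Italics for the term octal notation itself are fine as a first-use definition.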
Line 209: Line 209:
$ setfacl -R -m u:smithj:rwX /home/<user>/projects/def-<PI>/shared_data
$ setfacl -R -m u:smithj:rwX /home/<user>/projects/def-<PI>/shared_data
</source>
</source>
; Note: The X attribute above (compared to x) sets the "execute" permission only when the item is already executable (either a directory or a file with the execute permission). A directory needs the execute permission to allow it to be browsed.
; Note: The X attribute above (compared to x) sets the <i>execute</i> permission only when the item is already executable (either a directory or a file with the execute permission). A directory needs the execute permission to allow it to be browsed.


<!--T:28-->
<!--T:28-->
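Review bot: The note under the setfacl command explains X but says nothing about the rw in u:smithj:rwX, which together with -R gives smithj write access to everything under shared_data. A sentence stating that rX is enough when the collaborator only needs to read the data would help readers grant the narrower permission. The x and X in the note should also be in code markup, since the two differ only in letter case.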
Line 218: Line 218:
* The directory, <code>/home/smithj/projects/def-smithj/shared_data</code> in our example, must be owned by you.  
* The directory, <code>/home/smithj/projects/def-smithj/shared_data</code> in our example, must be owned by you.  
* Parent directories (and parents of parents, etc.) of the one you are trying to share must allow execute permission to the user you are trying to share with. This can be supplied with <code>setfacl -m u:smithj:X ...</code> in this example, or it can be supplied by allowing everyone entry, i.e. <code>chmod o+x ...</code>. They do not need to have public read permission. In particular you will need to grant execute permission on the project directory (<code>/projects/def-<PI></code>) either for everyone, or one-by-one to all the people you are trying to share your data with.
* Parent directories (and parents of parents, etc.) of the one you are trying to share must allow execute permission to the user you are trying to share with. This can be supplied with <code>setfacl -m u:smithj:X ...</code> in this example, or it can be supplied by allowing everyone entry, i.e. <code>chmod o+x ...</code>. They do not need to have public read permission. In particular you will need to grant execute permission on the project directory (<code>/projects/def-<PI></code>) either for everyone, or one-by-one to all the people you are trying to share your data with.
* <b>if you want to let other users or collaborators know that you shared a path under project with them, you MUST provide them with the ABSOLUTE PATH of project, and NOT the link of that project folder through your home path, otherwise they will fail to access the folder you shared. In another words, don't bother sending the path "/home/<user>/projects/def-<PI>/shared_data" as the reference. Instead send them "/project/def-<PI>-gidNumber/shared_data" (you may get that information by 'cd /home/<user>/projects/def-<PI>/shared_data; pwd'</b>
* <b>if you want to let other users or collaborators know that you shared a path under project with them, you MUST provide them with the ABSOLUTE PATH of project, and NOT the link of that project folder through your home path, otherwise they will fail to access the folder you shared. In another words, don't bother sending the path <i>/home/<user>/projects/def-<PI>/shared_data</i> as the reference. Instead send them <i>/project/def-<PI>-gidNumber/shared_data</i> (you may get that information by 'cd /home/<user>/projects/def-<PI>/shared_data; pwd'</b>


==== Removing ACL ==== <!--T:48-->
==== Removing ACL ==== <!--T:48-->
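Review bot: In the bold bullet, the hint to run cd on the path under /home followed by pwd will normally print that same /home path back, because pwd reports the logical path by default after a cd through a link; pwd -P is what resolves it to the /project path the bullet asks users to send. The parenthesis opened at "(you may get that information by" is never closed, "In another words" should be "In other words", and the two paths plus the command would be better in code markup like the other bullets in this list rather than italics and single quotes. It is also worth confirming that /project/ in this bullet versus /projects/ in the previous one is intended.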
rsnt_translations
56,420

edits
