No edit summary |
m (added group ACL) |
||
Line 121: | Line 121: | ||
If I want to allow a single person with username <tt>smithj</tt> to have read and execute permission on the file <tt>my_script.py</tt> I can achieve this with the command | If I want to allow a single person with username <tt>smithj</tt> to have read and execute permission on the file <tt>my_script.py</tt> I can achieve this with the command | ||
{{Command|setfacl -m u:smithj:rx my_script.py}} | {{Command|setfacl -m u:smithj:rx my_script.py}} | ||
Recommended approach is to allow access to specific path (for example ''/home/ | Recommended approach is to allow access to specific path (for example ''/home/smithj/projects/def-smithj/shared_data'') for particular group (for example ''wg-datasharing''), using <tt>setfacl</tt> with following command | ||
{{Command|setfacl -m g:wg-datasharing: | {{Command|setfacl -m g:wg-datasharing:rwx /home/smithj/projects/def-smithj/shared_data}} | ||
In order for this method to work following needs to be in place: | |||
# Group wg-datasharing (or any other name I prefer), used for sharing data, created in CCDB and I am assigned an ownership of this group, allowing me add or remove members of the group in CCDB | |||
# Directory (or file, if I prefer to do that) /home/smithj/projects/def-smithj/shared_data is owned by me | |||
# Since data sharing group is not necessary (most likely -- not) the owner of the directory or file I'd like to share, all nested parent directories in path should allow public entry, but not public read (unless I decide to allow it) | |||
How do I achieve these three requirements? | |||
* I send email to [mailto:support@computecanada.ca support@computecanada.ca] requesting creation of data sharing group, indicate name of the group I'd like to have and set me as an owner. | |||
* As soon as I receive a confirmation from ComputeCanada Support regarding creation of the group, I go to [https://ccdb.computecanada.ca/services/ ccdb.computecanada.ca/services/] and access my group: | |||
[[File:Cc services screen.png|1036px|Services screen displays groups I can manage]] | |||
* Clicking on group's name I enter group management screen: | |||
[[File:Cc service management screen.png|1036px|Services screen shows group's owner]] | |||
* I add member (Victor Van Doom with CCI vdv-888, for example) to the group as a member: | |||
[[File:Cc service add member success screen.png|1036px|Services screen shows members of the group]] | |||
* I make sure that path /home/smithj/projects/def-smithj open for public access: | |||
{{Command|chmod -R o+X /home/smithj/projects/def-smithj}} | |||
*I set up ACL for the path I have in mind and new group: | |||
{{Command|setfacl -m g:wg-datasharing:rwx /home/smithj/projects/def-smithj/shared_data}} | |||
<!--T:11--> | <!--T:11--> | ||
'''Note:''' <tt>setfacl</tt> and <tt>getfacl</tt> do not work on [[Graham]] /home. Use the /project or /scratch filesystems instead. | '''Note:''' <tt>setfacl</tt> and <tt>getfacl</tt> do not work on [[Graham]] /home. Use the /project or /scratch filesystems instead. | ||
</translate> | </translate> |
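Review bot: the <tt>chmod -R o+X /home/smithj/projects/def-smithj</tt> step in the added bullet list is wider than requirement 3 in the numbered list, which only asks that the parent directories in the path allow public entry. With <tt>-R</tt>, <tt>o+X</tt> adds search permission for others on every directory under def-smithj (and execute permission on any file that already has an execute bit), so subtrees unrelated to shared_data become traversable as well; a non-recursive <tt>chmod o+X</tt> on each directory component leading to shared_data would match the stated requirement. The <tt>setfacl -m g:wg-datasharing:rwx</tt> line would also benefit from a sentence saying that it grants write access, that without <tt>-R</tt> it does not change files already inside shared_data, and that without a default ACL (<tt>-d</tt>) files created later will not carry the group entry. Finally, the example path sits under /home/smithj while the note at the end of the hunk says <tt>setfacl</tt> and <tt>getfacl</tt> do not work on Graham /home, so the text should say which filesystem the projects path resolves to.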