== Default filesystem permissions ==
Default filesystem permissions are defined by something called the [https://en.wikipedia.org/wiki/Umask <code>umask</code>]. There is a default value that is defined on any Linux system. To display the current value in your session, you can run the command
{{Command|umask -S}}
For example, on Graham, you would get
{{Command|prompt=[user@gra-login1]$|umask -S
|result=u=rwx,g=rx,o=}}
This means that, by default, new files that you create can be read, written and executed by yourself, they can be read and executed by members of the group of the file, and they cannot be accessed by other people. '''The <code>umask</code> only applies to new files. Changing the <code>umask</code> does not change the access permissions of existing files.'''
There may be reasons to make the default permissions more permissive (for example, to allow other people to read and execute files), or more restrictive (not allowing your group to read or execute files). You can set your own <code>umask</code> either in a session or in your <code>.bashrc</code> file, by calling the command
{{Command|umask <value>}}
where <code><value></code> is an octal value. Below is a table of useful options, depending on your use case:
{| class="wikitable"
|-
! umask value !! umask meaning !! Human-readable explanation
|-
| 077 || u=rwx,g=,o= || Files are readable, writable and executable by the owner only
|-
| 027 || u=rwx,g=rx,o= || Files are readable and executable by the owner and their group, but writable only by their owner
|-
| 007 || u=rwx,g=rwx,o= || Files are readable, writable and executable by the owner and their group
|-
| 022 || u=rwx,g=rx,o=rx || Files are readable and executable by everyone, but writable only by their owner
|-
| 002 || u=rwx,g=rwx,o=rx || Files are readable and executable by everyone, but writable only by their owner and their group
|}
=== Change of the default <code>umask</code> on Cedar, Béluga and Niagara ===
In the summer of 2019, we discovered that the default <code>umask</code> was not the same on all Compute Canada servers. In the fall of 2019, we will be changing the default <code>umask</code> on these three servers to match the one from Graham. The default <code>umask</code> will change as follows:
{| class="wikitable"
|-
! Cluster !! <code>umask</code> before the change !! <code>umask</code> after the change
|-
| Béluga || 002 || 027
|-
| Cedar || 002 || 027
|-
| Niagara || 022 || 027
|}
This means that more restrictive permissions will be enforced on newly created files. If you need more permissive permissions for your workflow, you can change your default <code>umask</code> in your <code>.bashrc</code>. Our general advice, however, is to keep the default permissions.
'''Note that this change does not mean that files created before the change can be accessed by people who should not access them. This is because access permissions on directories such as your home or your project space have been set since the beginning to be restrictive. Even if files within a given directory can be read by anyone, unless the permissions were changed to give the ''execute'' permission on the folder to other people, files still cannot be accessed by other people.'''
=== Changing the permissions of existing files ===
If you want to change the permissions of existing files to match the new default permissions, you can use the <code>chmod</code> command as follows:
{{Command|chmod g-w,o-rx <file>}}
or, if you want to do it for a whole directory, you can run
{{Command|chmod -R g-w,o-rx <directory>}}
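The following script is an added example, not part of the original page: it creates a file and a directory under each <code>umask</code> from the table above and prints the resulting octal modes, then shows that switching to <code>umask 027</code> leaves an existing file untouched until <code>chmod g-w,o-rx</code> is applied. The function names are hypothetical and GNU <code>stat</code> is assumed. Because programs normally request at most <code>rw</code> for regular files, a new file under <code>umask 027</code> ends up as 640, while a new directory ends up as 750.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.
# Requires GNU stat, as found on Linux.

# Print the octal mode a new file or directory receives under a given umask.
new_mode() {  # usage: new_mode <umask> file|dir
    local mask=$1 kind=$2 tmp mode
    tmp=$(mktemp -d) || return 1
    (   # subshell: the umask change does not leak into the caller
        umask "$mask"
        if [ "$kind" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
    )
    mode=$(stat -c '%a' "$tmp/x")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
}

# Create a file under an old default umask, switch to 027, then apply the
# chmod from this page.
# Prints: <mode at creation> <mode after umask 027> <mode after chmod>
retrofit_demo() {  # usage: retrofit_demo <old_umask>
    local old=$1 tmp created after_umask after_chmod
    tmp=$(mktemp -d) || return 1
    ( umask "$old"; : > "$tmp/data" )
    created=$(stat -c '%a' "$tmp/data")
    after_umask=$(umask 027; stat -c '%a' "$tmp/data")  # existing file is untouched
    chmod g-w,o-rx "$tmp/data"
    after_chmod=$(stat -c '%a' "$tmp/data")
    rm -rf "$tmp"
    printf '%s %s %s\n' "$created" "$after_umask" "$after_chmod"
}

# Modes for every umask value in the table on this page.
for m in 077 027 007 022 002; do
    printf 'umask %s -> file %s, directory %s\n' \
        "$m" "$(new_mode "$m" file)" "$(new_mode "$m" dir)"
done
retrofit_demo 002   # a file created under the old Cedar/Béluga default
```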
== Access control lists (ACLs) == <!--T:10-->