Sharing data: Difference between revisions

→‎Default filesystem permissions: amplify role of umask wrt other chmod, setfacl, etc
Line 143: Line 143:
| 002 || u=rwx,g=rwx,o=rx || Files are readable and executable by everyone, but writable only by their owner and their group
| 002 || u=rwx,g=rwx,o=rx || Files are readable and executable by everyone, but writable only by their owner and their group
|}
|}
The umask is not the only thing that determines who can access a file.
* A user trying to access a file must have execute permission on all directories in the path to the file.  For example, a file might have <code>o=rx</code> permissions but an arbitrary user could not read or execute it if the parent directory does not also have <code>o=x</code> permission.
* The user trying to access a file based on its group permissions must be a member of the file's group.
* You can explicitly change the permissions on a file or directory after it is created, using <code>chmod</code>.
* Access Control Lists (ACLs) also determine who can access a file.


=== Change of the default <code>umask</code> on Cedar, Béluga and Niagara ===
=== Change of the default <code>umask</code> on Cedar, Béluga and Niagara ===
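Review bot: The ACL bullet at the end of the added list says only that ACLs "also determine who can access a file", while the edit summary names setfacl. Naming <code>setfacl</code> and <code>getfacl</code> in that bullet, the way the preceding bullet names <code>chmod</code>, would tell the reader what to run to inspect or change them. In the first bullet the rule is stated for all directories in the path, but the example mentions only the parent directory; wording the example as "if any directory in the path lacks <code>o=x</code>" would match the rule. The lead sentence could also say that the umask applies only when a file is created, which is what makes the <code>chmod</code> and ACL bullets relevant.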
Line 159: Line 165:
This will mean that more restrictive permissions will be enforced on newly created files. If you need more permissive permissions for your workflow, you can change your default <code>umask</code> in your <code>.bashrc</code>. Our general advise is however to keep the default permissions.  
This will mean that more restrictive permissions will be enforced on newly created files. If you need more permissive permissions for your workflow, you can change your default <code>umask</code> in your <code>.bashrc</code>. Our general advise is however to keep the default permissions.  


Note that while this change means that files created before the change can be accessed by people who should not access them, it does '''not''' mean that your files are exposed. This is because access permissions on directories such as your home or your project space have been set since the beginning to be restrictive. Even if files within a given directory can be read by anyone, unless the permissions were changed to give the ''execute'' permission on the folder to other people, files still can not be accessed by other people.
Note that this change does ''not'' mean that your files have been inappropriately exposed in the past. Restrictive access permissions have been set on your home, project, and scratch directories since the beginning. Unless the permissions were changed to give ''execute'' permission on one of these folders to others, your files still cannot be accessed by other people.


=== Changing the permissions of existing files ===
=== Changing the permissions of existing files ===
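Review bot: The rewritten paragraph ends at "your files still cannot be accessed by other people" and gives no next step for a reader who did grant ''execute'' permission on one of these folders; a closing sentence pointing to the section "Changing the permissions of existing files" directly below would cover that case. "To others" also leaves it unclear whether group members are meant or only the <code>o</code> class. The rewrite changes the emphasis on "not" from bold to italic, which is worth keeping consistent with the rest of the page. The unchanged context line above still reads "Our general advise", which should be "advice".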