Difference between revisions of "Tips: Custom file permissions at creation"

 
(15 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{color box |lightsteelblue|[[:Template:Stub]] This is a stub page and needs expansion}}
 
== NCI projects ==
 
The base unit for the accounting of computational and storage resources is the project. There are 2 types of projects at NCI:
 
* data projects: for published and shared datasets
 
* computational projects: for running programs
 
To have a valid login at NCI, you need to be a member of at least one computational project.
 
=== CLEx projects ===
 
CLEx is managing several computational and data projects at NCI via the CMS team. We will not list the data projects since you do not have write access to any of those. To find datasets published at NCI, please see the information on [[Data_Access|this page]]
 
  
The computational projects are split by Research Program (RP):
+
This page provides information on how to create files with group read permissions at NCI.
{| class="wikitable"
+
 
|-
+
By default, when you create a file under /short of /g/data, the file will be readable by you and the group owning the file. So you don't need to change anything then. But there are a few cases where the default behaviour is different and you may want to change it.
! Project !! RP !! Lead CI
+
 
|-
+
== PBS logs ==
| v45 || Extra-tropical variability || [mailto:andy.hogg@anu.edu.au Andy Hogg]
+
 
|-
+
By default, all log files from PBS are only readable by the user owning the file. You can use a PBS option to change this behaviour so your logs are readable by the user and the group owning the file:
| w35 || Drought || [mailto:c.carouge@unsw.edu.au Claire Carouge]
+
<syntaxhighlight lang="text">#PBS -W umask=0022
|-
+
</syntaxhighlight>
| w40 || Extreme Rainfall || [mailto:martin.jucker@unsw.edu.au Martin Jucker]
+
 
|-
+
You need to add this option either to the script you submit to the queue (with qsub) or directly to the qsub command line.
| w42 || Extreme Rainfall || [mailto:abhnil.prasad@unsw.edu.au Abhnil Prasad]
+
 
|-
+
For PBS log files that have already been created you will need to do the following:
| w48 || Tropical Variability || [mailto:dietmar.dommenget@monash.edu Dietmar Dommenget]
+
<pre>chmod g+r <filename></pre>
|-
+
 
| w97 || Heatwaves || [mailto:jason.evans@unsw.edu.au Jason Evans]
+
== HOME directory permissions ==
|}
+
 
[[Category:Stub]]
+
By default your home directory is not accessible to anyone but you. If you need others to access files in your home directory you will need to give them access. If they are members of the same group. To find your home directory permissions and group:
 +
<syntaxhighlight lang="text">$ ls -ld $HOME
 +
drwx------ 36 usr123 g00 20480 May 26 09:17 /home/001/usr123
 +
</syntaxhighlight>
 +
 
 +
If the other user you wish to give permissions to is also a member of the same group (in this case g00) then use this command:
 +
<syntaxhighlight lang="text">$ chmod g+rx $HOME
 +
</syntaxhighlight>
 +
 
 +
Then the permissions will reflect the change:
 +
<syntaxhighlight lang="text">$ ls -ld $HOME
 +
drwxr-x--- 36 usr123 g00 20480 May 26 09:17 /home/001/usr123
 +
</syntaxhighlight>
 +
 
 +
If the other user is not a member of the correct group, they can either join the project in question, or you can use [[Useful_resources|Access Control Lists (ACLs)]].
 +
 
 +
== Files created by programs ==
 +
 
 +
Some programs might impose a different default of the files they create which might not be what you'd like.
 +
 
 +
=== You have access to the source code ===
 +
 
 +
If you have access to the source code, it is usually possible to modify the default behaviour. What needs to be modified varies depending on the language. Please contact [mailto:cws_help@nci.org.au the CMS team] if you need help.
 +
 
 +
=== You don't have access to the source code ===
 +
 
 +
You then need to add a post-processing step, for example in a bash script calling your program. You can change the permissions on the files created by your program, using the <code>chmod</code> command:
 +
 
 +
chmod g+r <filename>
 +
 
 +
This command can be run recursively through a directory tree:
 +
 
 +
chmod -R g+r <directory_name>
 +
 
 +
=== Files owned by the wrong group ===
 +
 
 +
If you are using compute time from several projects, you may end up with files owned by different projects in the same area. This might not be the ideal situation for you and it is possible to change the group owning the file. '''Note:''' NCI's storage accounting depends only on the group owning the files and not the project space under which the files are stored. '''Before changing the group owning files, please make sure the new group has enough free allocation and you will not cause that group to get over quota.'''
 +
 
 +
To change the group ownership of a file:
 +
 
 +
chgrp <newgroup> <filename>
 +
 
 +
Or recursively through a directory tree:
 +
 
 +
chgrp -R <newgroup> <directory_name>
 +
 
 +
[[Category:Data]]

Latest revision as of 00:14, 31 May 2022

This page provides information on how to create files with group read permissions at NCI.

By default, when you create a file under /short of /g/data, the file will be readable by you and the group owning the file. So you don't need to change anything then. But there are a few cases where the default behaviour is different and you may want to change it.

PBS logs

By default, all log files from PBS are only readable by the user owning the file. You can use a PBS option to change this behaviour so your logs are readable by the user and the group owning the file:

#PBS -W umask=0022

You need to add this option either to the script you submit to the queue (with qsub) or directly to the qsub command line.

For PBS log files that have already been created you will need to do the following:

chmod g+r <filename>

HOME directory permissions

By default your home directory is not accessible to anyone but you. If you need others to access files in your home directory you will need to give them access. If they are members of the same group. To find your home directory permissions and group:

$ ls -ld $HOME
drwx------ 36 usr123 g00 20480 May 26 09:17 /home/001/usr123

If the other user you wish to give permissions to is also a member of the same group (in this case g00) then use this command:

$ chmod g+rx $HOME

Then the permissions will reflect the change:

$ ls -ld $HOME
drwxr-x--- 36 usr123 g00 20480 May 26 09:17 /home/001/usr123

If the other user is not a member of the correct group, they can either join the project in question, or you can use Access Control Lists (ACLs).

Files created by programs

Some programs might impose a different default of the files they create which might not be what you'd like.

You have access to the source code

If you have access to the source code, it is usually possible to modify the default behaviour. What needs to be modified varies depending on the language. Please contact the CMS team if you need help.

You don't have access to the source code

You then need to add a post-processing step, for example in a bash script calling your program. You can change the permissions on the files created by your program, using the chmod command:

chmod g+r <filename>

This command can be run recursively through a directory tree:

chmod -R g+r <directory_name>

Files owned by the wrong group

If you are using compute time from several projects, you may end up with files owned by different projects in the same area. This might not be the ideal situation for you and it is possible to change the group owning the file. Note: NCI's storage accounting depends only on the group owning the files and not the project space under which the files are stored. Before changing the group owning files, please make sure the new group has enough free allocation and you will not cause that group to get over quota.

To change the group ownership of a file:

chgrp <newgroup> <filename>

Or recursively through a directory tree:

chgrp -R <newgroup> <directory_name>