Tips: Custom file permissions at creation

Revision as of 19:45, 25 May 2022 by A.heerdegen (talk | contribs) (Add explicit instructions for home directories)

This page provides information on how to create files with group read permissions at NCI.

By default, when you create a file under /short of /g/data, the file will be readable by you and the group owning the file. So you don't need to change anything then. But there are a few cases where the default behaviour is different and you may want to change it.

PBS logs

By default, all log files from PBS are only readable by the user owning the file. You can use a PBS option to change this behaviour so your logs are readable by the user and the group owning the file:

#PBS -W umask=0022

You need to add this option either to the script you submit to the queue (with qsub) or directly to the qsub command line.

HOME directory permissions

By default your home directory is not accessible to anyone but you. If you need others to access files in your home directory you will need to give them access. If they are members of the same group. To find your home directory permissions and group:

$ ls -ld $HOME
drwx------ 36 usr123 g00 20480 May 26 09:17 /home/001/usr123

If the other user you wish to give permissions to is also a member of the same group (in this case g00) then use this command:

$ chmod g+rx $HOME

Then the permissions will reflect the change:

$ ls -ld $HOME
drwxr-x--- 36 usr123 g00 20480 May 26 09:17 /home/001/usr123

If the other user is not a member of the correct group, they can either join the project in question, or you can use Access Control Lists (ACLs).

Files created by programs

Some programs might impose a different default of the files they create which might not be what you'd like.

You have access to the source code

If you have access to the source code, it is usually possible to modify the default behaviour. What needs to be modified varies depending on the language. Please contact the CMS team if you need help.

You don't have access to the source code

You then need to add a post-processing step, for example in a bash script calling your program. You can change the permissions on the files created by your program, using the chmod command:

chmod g+r <filename>

This command can be run recursively through a directory tree:

chmod -R g+r <directory_name>

Files owned by the wrong group

If you are using compute time from several projects, you may end up with files owned by different projects in the same area. This might not be the ideal situation for you and it is possible to change the group owning the file. Note: NCI's storage accounting depends only on the group owning the files and not the project space under which the files are stored. Before changing the group owning files, please make sure the new group has enough free allocation and you will not cause that group to get over quota.

To change the group ownership of a file:

chgrp <newgroup> <filename>

Or recursively through a directory tree:

chgrp -R <newgroup> <directory_name>