Advanced Permissions
On the elysium cluster every user is in the default hpcuser group. For this reason it is important that you don't give group and other read or write permission on your files. If you actually want to share files with other people, there are two solutions.
LDAP Groups
You can request an LDAP group to be added to the cluster: https://www.it-services.ruhr-uni-bochum.de/services/ias/benutzergruppen_ldap.html.de With this you can manage a group of people who are automatically added to or removed from every folder that has those group permissions.
Advanced ACLs
Linux supports ACLs, which allow you to manually grant individual users or groups permission to read from or write to shared folders. Note that this only works on /lustre for now.
Adding permission
To grant a specific user access to a folder you can use setfacl.
Normally you don't want to grant other users complete access to your /home or /lustre folder, so here is an example workflow for creating a folder with extra permissions for sharing. In this example alice shares the bob-share folder in /lustre with bob.
# First give general permission to bob to access subfolders
[alice@elysium ~] setfacl -m u:bob:x /lustre/alice/
# Then set the `default` permission to read, write and execute.
# Every new file/folder in `bob-share` will inherit this
[alice@elysium ~] setfacl -d -m u:bob:rwx /lustre/alice/bob-share
# If files already exist in the share directory, apply the permissions recursively
[alice@elysium ~] setfacl -d -R -m u:bob:rwx /lustre/alice/bob-share
Check permissions
[alice@elysium ~] ls -l /lustre/alice/
total 0
drwxrwxr-x+ 2 alice hpcuser 4096 Feb 26 16:06 bob-share
The + shows that there are additional permissions set.
[alice@elysium ~] getfacl /lustre/alice/bob-share
getfacl: Removing leading '/' from absolute path names
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:bob:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
Remove permissions
To remove all ACLs recursively, you can run:
setfacl -b -R /lustre/alice/bob-share
There are of course more fine-grained controls; for every additional use case, please consult the man pages of getfacl/setfacl.
Please don’t open a ticket if this does not work on your home directory.
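To review who a shared folder is actually open to, the following added example (not part of the cluster documentation) reads getfacl output for a single path and lists each named user or group with the rights left after the mask is applied, plus the names that appear only in the default ACL, as bob does in the getfacl output under Check permissions. The function names acl_report and default_only and the sample input are constructed for illustration.

```shell
# acl_report: read `getfacl` output on stdin and print, per named entry,
# scope, kind, name and effective rights (entry ANDed with that scope's mask).
acl_report() {
  awk -F: '
    function and_mask(e, m,   i, out) {
      for (i = 1; i <= 3; i++)
        out = out (substr(m, i, 1) == "-" ? "-" : substr(e, i, 1))
      return out
    }
    /^#/ || NF < 3 { next }                 # headers, blank lines, notices
    {
      scope = "access"; off = 0
      if ($1 == "default") { scope = "default"; off = 1 }
      kind = $(1 + off); name = $(2 + off)
      perm = substr($(3 + off), 1, 3)       # drops a trailing "#effective" note
      if (kind == "mask") { mask[scope] = perm; next }
      if ((kind == "user" || kind == "group") && name != "") {
        n++; sc[n] = scope; kd[n] = kind; nm[n] = name; pm[n] = perm
      }
    }
    END {
      for (j = 1; j <= n; j++)
        print sc[j], kd[j], nm[j], and_mask(pm[j], (sc[j] in mask) ? mask[sc[j]] : "rwx")
    }'
}

# default_only: names with a default entry but no access entry. New files
# inherit their rights; the directory itself still uses group/other bits.
default_only() {
  acl_report | awk '
    $1 == "access"  { seen[$2 ":" $3] = 1 }
    $1 == "default" { cand[$2 ":" $3] = 1 }
    END { for (e in cand) if (!(e in seen)) print e }' | sort
}

# Constructed sample: carol is capped by the mask, bob is default-only.
SAMPLE='user::rwx
user:carol:rwx
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:bob:rwx
default:group::r-x
default:mask::rwx
default:other::---'

printf '%s\n' "$SAMPLE" | acl_report    # access user carol r-x, default user bob rwx
printf '%s\n' "$SAMPLE" | default_only  # user:bob
```

On a real folder the input would come from getfacl itself, for example `getfacl /lustre/alice/bob-share | acl_report`.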