Differences

This shows you the differences between two versions of the page.

habrok:data_management:sharing_data [2026/06/19 11:06] – [General description] fokke
habrok:data_management:sharing_data [2026/06/19 11:09] (current) – [File system access control lists for read-only groups] fokke
Line 66: Line 66:
 The first set of ''rwx'' is for the owner (''user1'' or ''user2'' in the example), the second set is for the group ''hb-public-courses'', the third set is for anybody else on the system.  The first set of ''rwx'' is for the owner (''user1'' or ''user2'' in the example), the second set is for the group ''hb-public-courses'', the third set is for anybody else on the system. 
  
-**Note that all top level directories for private and group directories on the cluster are set to be unreadable and unwritable by anybody except the group**, which means that the files and directories inside can only be accessed by group members. This even though the files inside may have read, write or execute permissions for "others". The group can be your private group (based on p- or s-number), containing a single user, or a shared group in the case of shared directories. +**Note that all top level directories for private and group directories on the cluster are set to be unreadable and unwritable by anybody except the group, which means that the files and directories inside can only be accessed by group members.** This even though the files inside may have read, write or execute permissions for "others". The group can be your private group (based on p- or s-number), containing a single user, or a shared group in the case of shared directories.  
 + 
 +For giving certain users read-only access to data we can make use of ACLs to allow a specific group access to a directory. See below for more details.
  
  
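Review bot: The added paragraph ends with "See below for more details" without naming the section it refers to; name or link the ACL section ("File system access control lists for read-only groups") so the reference survives if sections are reordered, and rephrase "For giving certain users read-only access" as "To give certain users read-only access". The extended bold span now correctly covers the consequence clause, but the unchanged sentence that follows it, "This even though the files inside may have read, write or execute permissions for "others".", is still a fragment; "This holds even though ..." would fix it. Since the preceding sentence says access is decided purely by group membership, it is worth adding that the read-only users must be made members of the group named in the ACL.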
Line 152: Line 154:
 ==== File system access control lists for read-only groups  ===== ==== File system access control lists for read-only groups  =====
  
-The permission system described above can only handle a single user and group. If multiple groups need access to data, file system access control lists (ACLs) must be used. These give an additional set of controls on the access rights of files and directories. +The permission system described above can only handle a single user or group. If multiple groups need access to data, file system access control lists (ACLs) must be used. These give an additional set of controls on the access rights of files and directories. 
  
 Setting the correct rights on the top level group directory, using an ACL for the read-only group, is sufficient to prevent the other cluster users from accessing the files and directories inside. Because the ACL system is quite complex, it is better to manage the rights for the other read-only group using the standard permissions for "other" users. This prevents data managers from having to understand the complex ACL system. Setting the correct rights on the top level group directory, using an ACL for the read-only group, is sufficient to prevent the other cluster users from accessing the files and directories inside. Because the ACL system is quite complex, it is better to manage the rights for the other read-only group using the standard permissions for "other" users. This prevents data managers from having to understand the complex ACL system.
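Review bot: Changing "a single user and group" to "a single user or group" makes the statement less accurate: standard Unix permissions always carry exactly one owner and one group (plus "other"), so "or" suggests a choice between them where none exists; "only one owner and one group" says what is meant. A style point on the unchanged heading in this hunk: it opens with four equals signs and closes with five (==== ... =====); DokuWiki takes the level from the leading run, but the two counts should match.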