This page documents some aspects of file permissions on Linux and some tools you can use to make files accessible to your group members or more broadly to other Savio users.
Background on Linux file permissions and file ownership
We'll start by briefly describing how to understand the permissions and ownership of files and directories using the 'long' version
[paciorek@ln002 ~]$ ls -l
-rw-r----- 1 paciorek ucb 0 May 6 16:39 file1
-rw-rw-rw- 1 paciorek ucb 0 May 6 16:39 file2
drwxr-xr-x 1 paciorek ucb 0 May 6 16:39 dir1
The first set of 10 digits shows whether an item is a directory (see the 'd' for
dir1) or not and then the read/write/execute
permissions, first for the user, then for the group and then for others. Here we see that
file1 is readable and writeable by the user, but only readable by the group and not accessible to others. In contrast
file2 is readable and writeable by everyone.
To see what groups you belong to and the permissions on your home and scratch directories, simply do this:
[paciorek@ln001 ~]$ groups
ucb savio matlab co_stat fc_paciorek
[paciorek@ln001 ~]$ ls -ld ~paciorek
drwxr-xr-x 1 paciorek ucb 65536 Apr 30 14:08 /global/home/users/paciorek
[paciorek@ln001 ~]$ ls -ld /global/scratch/paciorek
drwxr-xr-x 22 paciorek ucb 4096 Apr 10 14:47 /global/scratch/paciorek
We can see that the user belongs to a Condo group and to an FCA group, as well as to some broader groups.
Also note that your home and scratch directories are part of a generic group ('ucb');and not part of a Condo or FCA group.
Here are some links to more information on UNIX file permissions and interpreting the permission modes.
And remember you can also use
man to get help on the various commands discussed here.
Using a group directory
You can ask for a group directory in
/global/home/groups to be made available for your Condo or FCA by contacting firstname.lastname@example.org.
Any files created in the group directory will generally belong to that group and will generally be readable by the group.
To make a file writeable by the group:
chmod g+w myfile
Making files accessible to all other Savio users
Here is some template code showing how to make files in your home directory available to all Savio users. Note that for a file in a directory to be available for access, the directory in which the file lives and all directories above that need to be executable by other users. Then you can individually set permissions on files in the directory to decide which files to make accessible and whether they are readable, writeable, or executable by other users.
chmod go+X ~username # make your home directory accessible to all users
chmod go+X ~username/mydir # make a subdirectory accessible to all users
chmod go+r ~username/mydir/myfile # make the file readable by other users
# at this point other users cannot view the list of files in ~username or ~username/mydir
chmod go+r ~username/mydir # now other users can do "ls ~username/mydir"
One can make an entire set of files and directories accessible using the recursive (-R) flag:
chmod -R go+X ~username/mydir # allow access to mydir and all its subdirectories
chmod go+r ~username/mydir/myfile # now allow read access to myfile specifically
chmod -R go+rX ~username/mydir # allow read access to all files in mydir and its subdirectories
To make files in your scratch directory accessible, simply change
Making files accessible to your group members
As noted above, by default the group associated with anything in your home or scratch directory is a general group and not your FCA or condo group. So you probably first want to make a given directory owned by the (FCA or condo) group of interest. The next lines do that and ensure that future files/directories will also be in 'somegroup'.
chown username:somegroup ~username/mydir # now mydir is in 'somegroup'
chmod g+s mydir # now future files/directories created in mydir will belong to 'somegroup'
chmod -R g+s mydir # future files/directories created in any existing subdirectories will also belong to 'somegroup'
chmod go+X ~username # need to open to all users at top level since ~username is not in 'somegroup'
chmod g+rwX ~username/mydir # make the directory accessible to group members
Now if you already have files in 'mydir' that you want accessible to the group, you need to modify the files, e.g.,
chown username:somegroup ~username/mydir/myfile # make a pre-existing file owned by the group
chmod g+rw ~username/mydir/myfile # make a pre-existing file readable and writeable to the group members
For recursive changes see the commands in the previous section, but change "go" to just "g".
Now group members should be able to read, write, create, delete, and execute files within the directory.