data sharing

Rights management in general

Unix rights are generally set with chmod. You can display them with

ls -la

The entries have the following format, in this order:

  1. First the type of the object is given by a symbol: d stands for a directory, l for a symbolic link and - for a regular file.
  2. After that comes a block of three symbols for the rights of the owning user.
  3. This block consists of the following symbols:
    1. Does the user have read rights (r) or not (-)?
    2. Does the user have write rights (w) or not (-)?
    3. May the user execute (x) the file or not (-)?

Important: If a directory does not have the x bit set, it is effectively not readable either, because any command acting on it (ls, cp, …) must traverse, i.e. "execute", the directory.

  4. The next triple block holds the same rights for the assigned group (rwx, see above).
  5. The third triple block states the rights for all other users (again rwx, see above).
  • An example:
ls -la /home/myuser/test
total 10
drwxr-xr-x    3 myuser   student       512 2005-02-18 14:29 .
drwxr-xr-x  124 myuser   student      6656 2005-02-18 14:28 ..
drwxr-xr-x    2 myuser   student       512 2005-02-18 14:29 somedir
-rw-rw-r--    1 myuser   student         0 2005-02-18 14:29 somefile
lrwxrwxrwx    1 myuser   student         8 2005-02-18 14:29 somelink -> somefile

Here all objects belong to the user myuser and the group student, whereby the file somefile, and thus also the symlink somelink, is writable by every member of the group. Everybody is allowed to read everything, but only if all directories on the path down to the current directory are readable and executable for that user. If you want to restrict these rights to a certain group of users, ACLs come into play.

Setting and changing rights follows the form Who, Withdraw/Give (+/-), Which right:

chmod go-r /home/myuser/test/somefile
chmod g+w /home/myuser/test/somedir

The first command withdraws the read right on the file somefile from the group and from all others; the second adds the write right for the group on somedir. Rights can also be set by specifying numeric values:

chmod 644 /home/myuser/test/somefile
chmod 755 /home/myuser/test/somedir

The commands above set somefile to read/write for the owner and read-only for everybody else. The values are octal numbers in the order owner, group, rest, where the values for read (4), write (2) and execute (1) are added up.

Unlike on Windows systems, a file is executable precisely when the user has the Unix execute right for it, regardless of the file extension.
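The symbolic and octal notations above are two views of the same nine permission bits. The following POSIX shell script is an added example, not part of the original page: it converts between the two notations, applies the page's chmod commands to a scratch directory created with mktemp (assumed available, as are ls and cut), and reads the result back from ls -ld.

```shell
#!/bin/sh
# Added example (not from the original page): convert between the symbolic
# permission string printed by ls -l and the octal form chmod accepts, then
# apply the page's chmod commands to a scratch directory and read them back.

# mode_to_octal "drwxr-xr-x"  ->  755
# Accepts the 10-character ls field (type + 9 permission bits) or just the 9 bits.
# A setuid/setgid/sticky letter (s, t) in the execute slot counts as x set;
# the special bits themselves are not reported in the three octal digits.
mode_to_octal() {
    bits=$1
    if [ ${#bits} -eq 10 ]; then
        bits=$(printf '%s' "$bits" | cut -c2-10)   # drop the type character
    fi
    result=""
    for triple in "$(printf '%s' "$bits" | cut -c1-3)" \
                  "$(printf '%s' "$bits" | cut -c4-6)" \
                  "$(printf '%s' "$bits" | cut -c7-9)"; do
        n=0
        case $triple in r??) n=$((n + 4)) ;; esac      # read    = 4
        case $triple in ?w?) n=$((n + 2)) ;; esac      # write   = 2
        case $triple in ??[xst]) n=$((n + 1)) ;; esac  # execute = 1
        result="$result$n"
    done
    printf '%s\n' "$result"
}

# octal_to_symbolic 644  ->  rw-r--r--
octal_to_symbolic() {
    out=""
    i=1
    while [ $i -le 3 ]; do
        d=$(printf '%s' "$1" | cut -c"$i")
        sym=""
        if [ $((d & 4)) -ne 0 ]; then sym="${sym}r"; else sym="${sym}-"; fi
        if [ $((d & 2)) -ne 0 ]; then sym="${sym}w"; else sym="${sym}-"; fi
        if [ $((d & 1)) -ne 0 ]; then sym="${sym}x"; else sym="${sym}-"; fi
        out="$out$sym"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Run the page's chmod commands on a scratch copy of the layout and report the
# resulting octal modes of somefile and somedir (expected: "600 755").
demo_chmod() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/somefile"
    mkdir "$scratch/somedir"
    chmod 644 "$scratch/somefile"   # owner rw, everybody else r
    chmod 755 "$scratch/somedir"    # owner rwx, everybody else rx
    chmod go-r "$scratch/somefile"  # withdraw read from group and others -> 600
    fmode=$(ls -ld "$scratch/somefile" | cut -c1-10)
    dmode=$(ls -ld "$scratch/somedir" | cut -c1-10)
    rm -rf "$scratch"
    printf '%s %s\n' "$(mode_to_octal "$fmode")" "$(mode_to_octal "$dmode")"
}

demo_chmod
```

The demo applies the absolute form (644, 755) first and the symbolic form (go-r) afterwards, so the read-back shows that symbolic changes only touch the bits named, while numeric values always replace all nine bits.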

For directories, the execute right means that you may change into them. On symlinks (created with ln -s) all rights appear "set", because the effective rights are derived from the linked object.

Apart from the Unix rights, what also matters in practice on the pool computers are the ACLs.

ACLs

Access Control Lists (ACLs) allow a more fine-grained assignment of rights than the classical Unix rights. It is e.g. possible to give or withdraw rights on files and directories for individual users.

ACLs can be found e.g. as part of Microsoft's file system NTFS, but also on Sparc/Solaris in the form of UFS. The commands needed there are getfacl and setfacl.

For a general tutorial on ACLs (as well as a short introduction to CVS repositories as described below) take a look e.g. at the EiSE ACL tutorial. To grant certain other users access to your home directory (which is necessary for CVS), carry out the following steps for every such user ("someuser" stands for the particular user) and check the outcome at the end using getfacl:

setfacl -m u:someuser:rx ~
setfacl -m u:someuser:rwx ~/myproject
getfacl ~

Note: The tilde ~ is a placeholder for your own home directory.

The first command allows the user "someuser" to enter the home directory; the second gives that user write permission on "myproject".

Rights granted via ACL can also be removed again. With

setfacl -d u:someuser project

the rights that were granted via ACL to someuser on project are deleted.

Files or directories carrying ACL entries are marked with a + by ls -al:

-rw-rw-r--+ 1 myself mygroup [...] project
-rw-r----- 1 myself mygroup [...] some_private_stuff

If you want new files and directories to inherit the rights of their parent directory, i.e. to set up the rights for newly created files in a directory (default permissions), use the setfacl command again with a small modification (exclusive access for the owner):

setfacl -d -m u:someuser:rwx ~/myproject
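To see what the setfacl commands above and the + marker in the ls output actually amount to, the following POSIX shell script is an added example, not part of the original page or of the EiSE tutorial: it parses a constructed getfacl listing (a made-up sample, not captured from a pool computer) to look up the access and default entries for a user, applies the mask entry to compute the rights that take effect, and picks the entries with ACLs out of a constructed ls -al listing. awk and cut are assumed to be present.

```shell
#!/bin/sh
# Added example (not from the original page): inspect ACL information using
# constructed sample output, so it runs without setfacl/getfacl being present.
# The getfacl and ls listings below are made up for this demonstration.

# Constructed getfacl output for a directory with access and default entries.
SAMPLE_ACL='# file: myproject
# owner: myself
# group: mygroup
user::rwx
user:someuser:rw-
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:someuser:rwx
default:group::r-x
default:mask::rwx
default:other::---'

# Constructed ls -al output; the + after the mode marks entries with ACLs.
SAMPLE_LS='-rw-rw-r--+ 1 myself mygroup 4096 2005-02-18 14:29 project
-rw-r----- 1 myself mygroup 1024 2005-02-18 14:29 some_private_stuff
drwxr-xr-x+ 2 myself mygroup  512 2005-02-18 14:29 shared'

# acl_entry "$acl" "user:someuser"         -> rw-
# acl_entry "$acl" "default:user:someuser" -> rwx
# Prints the permission field of the entry whose tag (everything before the
# final colon-separated field) matches exactly; prints nothing if absent.
acl_entry() {
    printf '%s\n' "$1" | awk -F: -v want="$2" '
        /^#/ || NF < 2 { next }
        {
            tag = substr($0, 1, length($0) - length($NF) - 1)
            if (tag == want) { print $NF; exit }
        }'
}

# Effective rights of a named user: each of r, w, x counts only if both the
# user entry and the mask entry grant it. A user given rw- under a mask of
# r-x ends up with r--, which is the classic surprise when checking with getfacl.
acl_effective() {
    perms=$(acl_entry "$1" "user:$2")
    mask=$(acl_entry "$1" "mask:")
    [ -n "$perms" ] || return 1
    [ -n "$mask" ] || { printf '%s\n' "$perms"; return 0; }   # no mask entry: unmasked
    out=""
    i=1
    while [ $i -le 3 ]; do
        p=$(printf '%s' "$perms" | cut -c"$i")
        m=$(printf '%s' "$mask" | cut -c"$i")
        if [ "$p" != "-" ] && [ "$m" != "-" ]; then out="$out$p"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Names of entries in an ls -al listing whose mode field carries the + marker.
files_with_acl() {
    printf '%s\n' "$1" | awk 'substr($1, 11, 1) == "+" { print $NF }'
}

printf 'someuser on myproject: granted %s, effective %s, default %s\n' \
    "$(acl_entry "$SAMPLE_ACL" user:someuser)" \
    "$(acl_effective "$SAMPLE_ACL" someuser)" \
    "$(acl_entry "$SAMPLE_ACL" default:user:someuser)"
files_with_acl "$SAMPLE_LS"
```

The mask entry is the part most often overlooked: named user and group entries are limited by it, which is why getfacl on Linux annotates such entries with an #effective: comment and why checking the outcome with getfacl after each setfacl, as recommended above, matters. Note also that the meaning of -d differs between implementations: on the Solaris setfacl used on the pool computers, -d deletes entries as shown above, whereas the Linux acl tools use -d for default entries and -x to remove entries.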

For further details see the manual page:

man setfacl

