Changes between Version 2 and Version 3 of access/AccessFS


Ignore:
Timestamp:
Oct 26, 2016 5:04:48 PM (4 years ago)
Author:
Martin Dix
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • access/AccessFS

    v2 v3  
    4545
    4646= File access control lists =
     47
     48File access control lists allow finer grained control than the normal unix user, group and other permissions. They're used here to ensure that all access users (members of the access group at NCI) can use files in ~access and that the several members of the access.admin group can maintain the directories.
     49
     50As an example for a particular file
     51{{{
     52% ls -l ~access/data/ancil/access_v2/qrparm.mask
     53-rw-rw-r--+ 1 saw562 access.admin 245760 Apr 20  2011 /projects/access/data/ancil/access_v2/qrparm.mask
     54
     55% getfacl ~access/data/ancil/access_v2/qrparm.mask getfacl: Removing leading '/' from absolute path names
     56# file: projects/access/data/ancil/access_v2/qrparm.mask
     57# owner: saw562
     58# group: access.admin
     59user::rw-
     60group::rwx                      #effective:rw-
     61group:access:r-x                #effective:r--
     62group:access.admin:rwx          #effective:rw-
     63mask::rw-
     64other::r--
     65}}}
     66
     67Default FACL settings for directories should mean that all files created in ~access have read/write permission for the access.admin group and read permission for the access group.
     68
     69If you have problems with file permissions send a message to access_help.
     70
     71== FACLs and /short/PROJECT and /home ==
     72
     73The /short/$PROJECT directories normally have read permission only for project members which can make wider collaboration difficult. The CSIRO p66 and BOM dp9 projects have used FACLs so that all access members can see the top level directories. Individual users then have the option of making their /short/PROJECT/USER directories more open.
     74
     75Note that this doesn't affect permissions of directories that have more restrictive file permissions like {{{$HOME/.ssh}}}. **CHECK HOW THIS WORKS.**
    4776
    4877= User file system =