Managing your Group Directory
Your research group should have been assigned at least one directory for long-term storage of data, typically in a directory:
/ifs/groups/myrsrchGrp
Linux Permissions
Linux files and directories have user-based permission groups. Permissions are granted to owner (a.k.a. user), group, or other.
Ownership
If you do "ls -l" while in the group directory, you may see something like:
total 256
drwxr-sr-x 4 myname myrsrchGrp 53 Mar 10 11:20 ARCHIVE
drwxr-sr-x 3 alfred myrsrchGrp 28 Jun 15 2021 alfred
drwx------ 3 myname myrsrchGrp 24 Mar 31 2021 myname
drwxrwsr-x 4 myname myrsrchGrp 57 May 3 12:45 software
-rw-rw-r-- 1 myname myrsrchGrp 4 May 4 12:04 somefile.txt
The 1st column shows permissions, which are explained in detail below.
The 3rd column, which shows "myname" and "alfred", indicates the "user" (or owner).
The 4th column, which shows "myrsrchGrp", indicates the "group".
The 6th through 8th columns show the timestamp (either date and time, or date and year depending on age of the file or directory).
The 9th column shows the name of the file or directory.
See the man page for "ls" for more detail.
Permissions
The first column shows the permissions on the directories:
drwxr-sr-x
Here, the first character "d" indicates a directory. In the example, there are 4 directories shown in the listing.
The next set of 9 characters indicate the permissions. These are grouped into sets of 3.
- the first set is for the owner (user)
- the second set is for the group (i.e. users belonging to the group myrsrchGrp)
- the third set is for others (i.e. not the owner, and other users not belonging to myrsrchGrp)
The meanings of the characters are:
- "-" = no permissions (cannot read, cannot write, cannot execute)
- "r" = permission to read
- "w" = permission to write
- "x" =
  - for files, "x" means permission to execute (e.g. a program, or a script)
  - for directories, "x" means permission to list the directory and to "cd" into it
- "s" in the group column of a directory means any new file or directory created in that directory would have its group set to the group of that top-level directory; in this case, any new files or directories created in the "ARCHIVE" directory would have the group set to "myrsrchGrp". This setting is called the "setgid bit" (said "set gee eye dee bit"). Further, subdirectories will inherit the "s" (setgid bit).
For more detail, see Jack Wallen's article at Linux Foundation.[1]
Changing permissions
Permissions on files and directories can be changed only by their owners, i.e. the user listed in column 3 of the "ls -l" output.
To grant permission, you would specify "u" (user or owner), "g" (group), or "o" (other) and the permission to grant with a "+". E.g.
[myname@picotte001 myrsrchGrp]$ ls -l somefile.txt
-rw-rw-r-- 1 myname myrsrchGrp 6 May 4 12:06 somefile.txt
[myname@picotte001 myrsrchGrp]$ chmod o+w somefile.txt
[myname@picotte001 myrsrchGrp]$ ls -l somefile.txt
-rw-rw-rw- 1 myname myrsrchGrp 6 May 4 12:06 somefile.txt
To remove permission, you would use "-" instead. E.g.
[myname@picotte001 myrsrchGrp]$ ls -l somefile.txt
-rw-rw-rw- 1 myname myrsrchGrp 6 May 4 12:06 somefile.txt
[myname@picotte001 myrsrchGrp]$ chmod o-w somefile.txt
[myname@picotte001 myrsrchGrp]$ ls -l somefile.txt
-rw-rw-r-- 1 myname myrsrchGrp 6 May 4 12:08 somefile.txt
You can also specify more than one user class, e.g.
chmod ugo+x somedirectory
chmod go-rw somefile.txt
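A way to check a group directory for the permission problems described above, added here as an example and not part of the original page. The function names audit_group_dir and make_demo_tree are hypothetical, the sample tree is constructed, and a Linux system with standard find, sed and mktemp is assumed.

```bash
#!/bin/sh
# Added example: report permission drift in a group directory.
# Usage: audit_group_dir DIR GROUP   (GROUP may be a name or a numeric gid)
audit_group_dir() (
    dir=$1 grp=$2
    # Writable by "other" (what "chmod o+w" grants). Symbolic links are
    # skipped: their own mode bits are not used for access checks.
    find "$dir" ! -type l -perm -o+w -print | sed 's/^/WORLD-WRITABLE /'
    # Directories without the setgid bit: files created inside them get the
    # creator's primary group instead of the research group.
    find "$dir" -type d ! -perm -g+s -print | sed 's/^/NO-SETGID /'
    # Entries whose group is not the expected research group.
    find "$dir" ! -group "$grp" -print | sed 's/^/WRONG-GROUP /'
)

# Constructed sample tree (not real data): one world-writable file and one
# directory that lacks the setgid bit. Prints the path of the tree.
make_demo_tree() (
    t=$(mktemp -d) || exit 1
    mkdir "$t/software" "$t/scratch"
    chmod u=rwx,g=rwx,o=rx "$t" "$t/software" "$t/scratch"
    chmod g+s "$t" "$t/software"          # scratch is left without setgid
    : > "$t/ok.txt"; : > "$t/somefile.txt"
    chmod u=rw,g=rw,o=r "$t/ok.txt" "$t/somefile.txt"
    chmod o+w "$t/somefile.txt"           # the over-permissive case from the text
    printf '%s\n' "$t"
)

tree=$(make_demo_tree)
audit_group_dir "$tree" "$(id -g)"
rm -rf "$tree"
```

Only the owner of a flagged entry can correct it, for example with "chmod o-w" or "chmod g+s".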
Numeric permissions
The permissions are actually a binary number. Recall binary numbers use base 2. So, a 3-digit binary number would be something like:
$101_2 = 1 \cdot 2^2 + 0 \cdot 2^1 + 1 \cdot 2^0 = 4 + 0 + 1 = 5$
The permissions have 3 places, e.g. rwx, corresponding to the places in binary numbers. The first place corresponds to $2^2$, the second to $2^1$, and the third to $2^0$.
So, we can translate the permissions to a binary number, and then to a normal decimal number (technically, we need only octal because the value is no more than $2^2 + 2^1 + 2^0 = 7$). A "1" (one) means the permission is present; a "0" (zero) means the permission is not present.
rwx = 4 + 2 + 1 = 7
rw- = 4 + 2 + 0 = 6
r-- = 4 + 0 + 0 = 4
--- = 0 + 0 + 0 = 0
r-x = 4 + 0 + 1 = 5
So, if you want a file to have permissions "rw-rw-r--", that translates to a set of 3 octal digits: 664. Rather than using chmod multiple times as in the previous section, you can do:
[myname@picotte001 myrsrchGrp]$ ls -l otherfile.txt
-r-------- 1 myname myrsrchGrp 0 May 4 12:24 otherfile.txt
[myname@picotte001 myrsrchGrp]$ chmod 664 otherfile.txt
[myname@picotte001 myrsrchGrp]$ ls -l otherfile.txt
-rw-rw-r-- 1 myname myrsrchGrp 0 May 4 12:24 otherfile.txt
umask
Upshot: most users will want their umask to be "0002".
The "umask" is a per-user setting which defines the default permissions on any new files or directories which are created. The value of umask can be seen by issuing the umask command:
[juser@picotte001 ~]$ umask
0022
This should be thought of as a set of 4 octal digits.
The value 2 = $2^1$, which is the 2nd place in the binary number representing permissions. It removes ("masks out") the "w" (write) permissions from the created file or directory.
We ignore the first digit in the 4-digit umask in this article, and only consider the 3 last digits.
The value "0000" is the most permissive:
- new files will have permissions "rw-rw-rw-"
- new directories will have permissions "rwxrwxrwx"
The value "0022" (default) means:
- new files will have permissions "rw-r--r--"
- new directories will have permissions "rwxr-xr-x"
The value "0002" means:
- new files will have permissions "rw-rw-r--"
- new directories will have permissions "rwxrwxr-x"
As mentioned above, the setgid bit will be inherited by any new directories created. And any new files created in a directory with the setgid bit would have the group of that parent directory.
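The umask and setgid behaviour described above can be observed directly. The following is an added example, not part of the original page; the function names modes_under_umask and setgid_child_mode are hypothetical, and it assumes Linux with GNU stat (the "-c" option) and a local filesystem for temporary files.

```bash
#!/bin/sh
# Added example: show the modes that new files and directories receive.

# modes_under_umask MASK
# Creates one file and one directory under the given umask and prints their
# modes as octal(symbolic). The function body is a subshell, so the caller's
# own umask is not changed.
modes_under_umask() (
    t=$(mktemp -d) || exit 1
    umask "$1"
    : > "$t/newfile"
    mkdir "$t/newdir"
    printf 'file=%s dir=%s\n' \
        "$(stat -c '%a(%A)' "$t/newfile")" \
        "$(stat -c '%a(%A)' "$t/newdir")"
    rm -rf "$t"
)

# setgid_child_mode
# Prints the mode of a subdirectory created, with umask 0002, inside a
# directory that has the setgid bit: the "s" is inherited.
setgid_child_mode() (
    t=$(mktemp -d) || exit 1
    chmod 2775 "$t"
    umask 0002
    mkdir "$t/sub"
    stat -c '%a(%A)' "$t/sub"
    rm -rf "$t"
)

for m in 0000 0022 0002; do
    printf 'umask %s -> %s\n' "$m" "$(modes_under_umask "$m")"
done
printf 'subdirectory of a setgid directory -> %s\n' "$(setgid_child_mode)"
```

With umask 0022 a collaborator in the same group cannot write to what you create; with 0002 they can, which is why 0002 suits a shared group directory.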
Access Control Lists (ACLs)
Certain filesystems (local disk, NFSv4, etc.) may have more fine-grained permissions mechanisms called Access Control Lists (ACLs). However, on the /ifs filesystem on Picotte, we use NFSv3[2] for performance reasons, and it does NOT support ACLs.
References
[1] The Linux Foundation: Classic SysAdmin: Understanding Linux File Permissions