Changing POSIX file permissions
Be careful when changing permissions, as others can accidentally get access.
This guide should not be mixed with sharing a directory by changing NFS permissions.
This guide describes how to share a subdirectory of $HPCVAULT or $WORK by adjusting POSIX file permissions with the chmod command.
Granting read access to members of your group
This allows all members of your group to read a subdirectory (and its content) of $HPCVAULT or $WORK, in this example the directory $WORK/directory-to-be-shared.
- POSIX group file permissions of all parent directories up to $WORK must be set to traversable, i.e. the group permission must include execute x. In our example the only parent directory is $WORK. A traversable directory means that you can access its subdirectories or files (if their permissions allow it), but cannot list the directory's content. This is achieved if the directory has only execute x permission.
- Grant all members of your group read access to the directory $WORK/directory-to-be-shared and its subdirectories:
  -R: apply permissions recursively, i.e. to subdirectories and files.
  g: selects your group
  +r: add read permission
This might expose more files and directories than intended.
If you have subdirectories or files that have group permissions set under $WORK and your group members can guess their names, they can also access them.
If you have, for example, a file $WORK/secret that has group read permissions set and you enable traversal for $WORK, group members who know that $WORK/secret exists can access it.
By default, directories and files are created with certain permissions. If this does not include group permissions you might have to adjust the permissions of files you created afterwards inside the shared directory.
Granting read access to other HPC users
We discourage this method as it allows all HPC users who know the path to the shared directory to access it.
This gives all HPC users who are not members of your group read access to a subdirectory of $HPCVAULT or $WORK, in this example the directory $WORK/directory-to-be-shared.
- POSIX other file permissions of all parent directories up to $WORK must be set to traversable, i.e. the others permission must include execute x. In our example the only parent directory is $WORK. A traversable directory means that you can access its subdirectories or files (if their permissions allow it), but cannot list the directory's content. This is achieved if the directory has only execute x permission.
- Grant all HPC users not members of your group read access to the directory $WORK/directory-to-be-shared and its subdirectories:
  -R: apply permissions recursively, i.e. to subdirectories and files.
  o: selects all HPC users that are not members of your group
  +r: add read permission
This might expose more files and directories than intended.
If you have subdirectories or files that have group permissions set under $WORK and your group members can guess their names, they can also access them.
If you have, for example, a file $WORK/secret that has group read permissions set and you enable traversal for $WORK, group members who know that $WORK/secret exists can access it.
By default, directories and files are created with certain permissions. If this does not include other permissions you might have to adjust the permissions of files you created afterwards inside the shared directory.
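The exposure warning in both sections can be checked before traversal is enabled. The following sketch is an added example, not part of the original guide: it lists entries below the parent directory that already carry permission bits for the chosen class and would become reachable by name. The function name list_exposed and its arguments are hypothetical, and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumes GNU find (-perm /MODE).
# list_exposed and its arguments are hypothetical names chosen for this sketch.
#
# usage: list_exposed PARENT CLASS SHARED_DIR
#   PARENT      directory about to be made traversable, e.g. "$WORK"
#   CLASS       "group" or "other": the class that will receive x on PARENT
#   SHARED_DIR  subtree you intend to share, written with the same PARENT
#               prefix; it is left out of the report
# Prints every entry under PARENT, outside SHARED_DIR, that already has a
# permission bit set for CLASS and so becomes reachable by name.
list_exposed() {
    parent=$1
    class=$2
    shared=${3%/}          # find -path does not match a trailing "/"
    case $class in
        group) any=070 xbit=010 ;;
        other) any=007 xbit=001 ;;
        *) echo "CLASS must be 'group' or 'other'" >&2; return 2 ;;
    esac
    # Branch 1: skip the subtree that is shared on purpose.
    # Branch 2: a directory without x for CLASS cannot be entered, so do not
    #           descend; still report it if r or w is set for CLASS.
    # Branch 3: anything else with a CLASS bit set is reachable by name.
    find "$parent" -mindepth 1 \
        \( -path "$shared" -prune \) -o \
        \( -type d ! -perm "/$xbit" \( -perm "/$any" -print -o -true \) -prune \) -o \
        \( -perm "/$any" -print \)
}

# Typical call before running chmod on $WORK:
#   list_exposed "$WORK" group "$WORK/directory-to-be-shared"
```

An empty result means nothing outside the shared directory carries permission bits for that class; any path printed should have those bits removed, or be moved, before the parent is made traversable.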