Computing

User Tools

Site Tools

Trace:
groupdatadirs

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
groupdatadirs [2016/07/27 20:43]
mgstauff [Sharing Your Data Using ACL's] 		groupdatadirs [2017/05/30 18:34] (current)
mgstauff [Sharing Your Data Using ACL's]
Line 2: Line 2:
 ===== Don't Make Data World-Readable! ===== ===== Don't Make Data World-Readable! =====
  
-Users often need to share data with collaborators. It's tempting to simply do ''chmod +/data/my-data'' (or similar) to make the data 'world-readable' so that anyone on the cluster can read it. In linux terms, this means changing the 'other' permissions to read. But this generally isn't safe and should **definitely not be done with HIPAA-protected data.**+Users often need to share data with collaborators. It's tempting to simply do ''chmod +rx /data/my-data'' (or similar) to make the data 'world-readable' so that anyone on the cluster can read it. In linux terms, this means changing the 'other' permissions to read. **But this generally isn't safe and should definitely not be done with HIPAA-protected data.**
  
 Even **worse** is to make your data world-writable, meaning anyone on the cluster can delete it or change it. Even **worse** is to make your data world-writable, meaning anyone on the cluster can delete it or change it.
Line 8: Line 8:
 There are good alternatives to making data and data directories world-readable and world-writable. Keep reading... There are good alternatives to making data and data directories world-readable and world-writable. Keep reading...
  
 +===== Quickly Share Some Data within the Cluster =====
 +
 +There's an easy script for you to use - search for ''cfn-share-data'' below.
 ===== Linux Permissions - Important to Understand ===== ===== Linux Permissions - Important to Understand =====
  
Line 23: Line 26:
  
   * Shared Directories - generally for longer-term sharing with an established group and collaborators.   * Shared Directories - generally for longer-term sharing with an established group and collaborators.
 +    * More details below
     * PROS:     * PROS:
       * easy to see ownership and permissions from regular linux ''ls -l'' command       * easy to see ownership and permissions from regular linux ''ls -l'' command
Line 32: Line 36:
     * PROS:     * PROS:
       * no setup needed from CfN sysadmins       * no setup needed from CfN sysadmins
-      * there's an easy script for you to use - see ''cfn-share-data'' below+      * **there's an easy script for you to use - see ''cfn-share-data'' below**
       * good for quick sharing       * good for quick sharing
       * easy to use for fine-tuned permissions settings (e.g. give one user read-only permission, another write permissions for the same directory)       * easy to use for fine-tuned permissions settings (e.g. give one user read-only permission, another write permissions for the same directory)
       * fine-tuned permissions can make it easier to protect against large amounts of data being accidentally deleted or changed by one user with permissions to a group directory       * fine-tuned permissions can make it easier to protect against large amounts of data being accidentally deleted or changed by one user with permissions to a group directory
     * CONS:     * CONS:
 +      * **NOTE** you can't directly use ''getfacl'' and ''setfacl'' from ''chead'' or from compute nodes on the ''/data/'' directories. This is because we use NFSv4 which is incompatible. See the ''cfn-share-data'' script below, which uses ssh calls.
       * viewing permissions requires ''getfacl'' command instead of just ''ls -l''       * viewing permissions requires ''getfacl'' command instead of just ''ls -l''
       * easier to forget that or how something is shared because of above issue       * easier to forget that or how something is shared because of above issue
 +
   * PUBLIC directory and other shared groups   * PUBLIC directory and other shared groups
     * We've created a PUBLIC directory in everyone's data directory that we suggest you use for sharing files or data that are safely shared with everyone on the cluster. You can also create symlinks here to other files that are world-readable.     * We've created a PUBLIC directory in everyone's data directory that we suggest you use for sharing files or data that are safely shared with everyone on the cluster. You can also create symlinks here to other files that are world-readable.
Line 91: Line 97:
  
 ===The Quick Way to Use ACLs === ===The Quick Way to Use ACLs ===
-We've created a script on the cluster (chead and nodes) for easily sharing data using ACLs:+We've created a script on the cluster (chead and nodes) for easily sharing data and viewing ACLs:
  
   cfn-share-data   cfn-share-data
-   + 
-This script should be in your search path. If not, look in ''/share/admin/'' \\ +  This script should be in your search path. If not, look in ''/share/admin/'' 
-Run the script with no parameters to print instructions.+  Run the script with no parameters to print instructions and get a few examples. 
 +  * __This script will be prompt you for your password__ - this is normal. It's using ''ssh'' under the hood to get/set ACLs.
  
 __To clear all ACL's__ from a file or directory (and its sub-directories), run this command: __To clear all ACL's__ from a file or directory (and its sub-directories), run this command:
  
-  setfacl -Rb <directory-or-file-to-clear>+  cfn-share-data -c <directory-or-file-to-clear>
  
 ====More detailed info on ACLs==== ====More detailed info on ACLs====
groupdatadirs.1469652186.txt.gz · Last modified: 2016/07/27 20:43 by mgstauff

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki