File Permissions

Home Directories

Access to data (i.e. files and directories) on NeSI is controlled by Access Control Lists (ACLs).

Default permissions differ by filesystem.

  1. Each user has their own private user group.
  2. By default home directories belong to that user's account and are not accessible by other users.
  3. The default permissions mode for home directories is 2700, i.e.
    1. Sticky bit is set (so permissions are inherited)
    2. Owner has read, write and execute
    3. Group has no permissions
    4. Other has no permissions

Project Directories

  1. Projects are granted two directories by default
    1. a persistent directory in /nesi/project
    2. a scratch directory in /nesi/nobackup
  2. Project directories are group directories, i.e. a directory that is shared by all members of a group
  3. The Project's Project Owner (PO) is responsible for specifying and approving who has what access to a Project Directory:
    1. Currently via support requests to NeSI Support.
    2. In the future via My NeSI.

Group Directories

  1. All users belonging to a group are able to read and write in the group directory
  2. By default group directories belong to root and the group, but are not accessible by other users
  3. Read-only access can be granted to a group directory on a per user basis, or by creating a Reader Group which will granted Read Only access.
  4. Wider access can be granted if approved by the Project's PO
  5. Default permissions mode for group directories is 2770, i.e.
    1. Sticky bit is set, so permissions are inherited
    2. Owner has read, write and execute
    3. Group has read, write and execute
    4. Other has no permissions

For an overview of the NeSI filesystems see: NeSI Filesystems and Quotas

Was this article helpful?
0 out of 0 found this helpful