Linux file permissions control who can see your files and what they can do to them on the Shared Computing Cluster (SCC).

By default, any file you create in your home directory will only be accessible by you because your home directory itself is only accessible to you. Files belonging to students in classes using class.bu.edu, and to others who have a public_html/ directory, will be more open to reading by the world.

By default, files you create in Project Disk Space will be readable but not writable by the members of your project group. They will not be accessible to other users on the system at all. These settings can be changed, some directly by you, others only by RCS systems administrators at the request of the Lead Project Investigator (LPI) for the project.

Introduction to Linux File Permissions

The SCC is a large cluster with thousands of users and hundreds of groups/projects. Some people are working alone and want to be the only ones able to do anything with their files. Others are working with their group and want everyone in the group to be able to fully view and edit their files. Others have files/programs that they want to let everyone on the entire SCC read/run. Linux file permissions allow for all of these cases; they do not generally allow for more specialized things such as sharing a file with just one or a few specific people.

This is handled by giving each file/directory an owner, an associated group/project, and a set of permission bits controlling who can see the file/directory. You can only ever see/modify a file if you can also access the directory containing it and every directory above that, up to the root of the filesystem represented by /. You specifically need ‘execute’ permission on the containing directories and will almost always need ‘read’ permission as well.

File Permission Bits Details

You can see the information about a file by using the ls -l command:

scc1% ls -l testfile
-rw-r--r-- 1 aarondf scv 0 Apr  1 15:49 testfile
TUUUGGGWWW   USER    GROUP              FILENAME

The last line (TUUUGGGWWW ...) is a comment to help explain the output and is not actually seen on the screen. The USER (u) is the owner of the file, usually the person who created it. The GROUP (g) is the group-owner of the file. This will usually be set to your default group, which is the first group listed if you run the groups command.

The 10 characters indicated by TUUUGGGWWW are what is important here. The first character, T in the comment, indicates the type of file, “-” for a normal file, “d” for a directory, and there are other possibilities. The next nine characters are the “permission bits”, divided into three groups of three characters. The first three represent what the User (u) can do to the file, the second three indicate what the members of the Group (g) (‘scv’ in this example) can do to the file, and the last three indicate what the rest of the users on the system (the world – w) can do to the file. In each group, a letter (either r, w, or x) indicates that user/group/world can do that action and a hyphen “-” indicates they cannot do that action. The three actions are Read (r), Write/Modify (w), and Execute/Run/Open a directory (x). In the given example, anyone can read the file but only the owner (aarondf) can write/modify it. Note that the chmod command refers to the world class as “o” (others), as in the go-rwx example further down.

The command to change the permissions on an existing file/directory or set of files is chmod; its documentation page also explains these permission bits in more detail.

SCC Defaults and Adjusting them

When you create a new file on the SCC, the permissions it is set to are based on your umask, which is usually set in your .bashrc file in your home directory. The default setting is umask 022. This gives full access to the owner of the file and read and execute access to all others on the system.

However, as indicated above, this is limited based on the containing directories. The default setting for your home directory is that only you have any access to it (those using class.bu.edu or who otherwise have a public_html/ directory set up are a bit more open in that they have world-execute permissions set to allow serving of web pages from their home directories). As such, even though the permission bits on the files contained there probably allow others to access them, others cannot get into the directory and so cannot actually reach the files. With Project Disk Space, the default is that group members have read and write access to the top-level directories for each group (such as /projectnb/testgroup/ or /restricted/projectnb/testgroup/) but the rest of the SCC does not. As such, generally if you create a file in Project Disk Space, it will be readable but not writable by your group members and not accessible at all by other people on the SCC.

For projects that do wish to make their files accessible to the rest of the SCC, the Lead Project Investigator (LPI) can request that we change this default. There is more information on this but note that /restricted directories cannot be opened up beyond their group members.
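
The containing-directory rule above can be checked directly from the ls -l permission strings. The following is an added example, not part of the original page; the function names perm_string and world_readable and the sample tree are constructed for illustration, and only the mode bits are examined (no ACLs).

```shell
#!/bin/sh
# Added example: function names are chosen here for illustration.
perm_string() { ls -ld "$1" | cut -c1-10; }   # the TUUUGGGWWW column of ls -l

# world_readable PATH: succeed only if the world bits let any user read PATH:
# world-read on PATH itself and world-execute on every directory above it.
# On failure, prints the first component that blocks access.
# Only mode bits are examined; ACLs are ignored and symlinks are not followed.
world_readable() {
    p=$1
    case $p in /*) ;; *) p=$PWD/$p ;; esac     # work on an absolute path
    case $(perm_string "$p") in
        ???????r??) ;;                          # 8th character: world read
        *) echo "blocked at $p"; return 1 ;;
    esac
    while [ "$p" != / ]; do
        p=$(dirname "$p")
        case $(perm_string "$p") in
            ?????????[xt]) ;;                   # 10th character: world execute
            *) echo "blocked at $p"; return 1 ;;
        esac
    done
    echo "world-readable"
}

# Constructed sample: a 644 file inside a 700 directory, like a default home.
demo=$(mktemp -d)
chmod 700 "$demo"
: > "$demo/testfile"
chmod 644 "$demo/testfile"
world_readable "$demo/testfile" || true        # reports the 700 directory
rm -rf "$demo"
```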

A reasonable number of users may want to change their umask from the 022 default by editing their .bashrc file in their home directory. If you change the value to 077 then only you will have any access to new files you create, regardless of where they are. You might also want to change the value to 007. This will make it so that your project members can write/edit/delete the files/directories you create in Project Disk Space. Remember, though, that umask is a global setting for each user on the system. Changes to it will adjust the permissions for all files you create thereafter, regardless of where you create them.

If you change your umask, you will then need to either log out and back in or run the command source ~/.bashrc to have that change take effect.

Common Example File Permission Adjustments

Using chmod

Make an entire directory and its contents group-writable in Project Disk Space so that your fellow group members can edit/delete all of the files.

# Go to the directory
scc1% cd /projectnb/testgroup/mydir
# Make the directory itself group-writable
scc1% chmod g+w .
# Make all of the contents of the directory group-writable
scc1% chmod -R g+w *

Note that if any of the contents of the directory are not owned by you, their permissions will not be changed as you can only change permissions on files you own.
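
To confirm what the two chmod commands above actually changed, list whatever is still not group-writable afterwards. This is an added example, not part of the original page; not_group_writable and the sample tree are constructed here. Besides files owned by someone else, it also reports top-level hidden files, which the * pattern does not match.

```shell
#!/bin/sh
# not_group_writable DIR: list everything under DIR (DIR included) that group
# members still cannot write to. Symbolic links are skipped because their own
# mode bits are not what controls access. 020 is the group-write bit.
not_group_writable() {
    (cd "$1" && find . ! -type l ! -perm -020 | sort)
}

# Constructed sample tree: one normal file, one hidden file at the top level,
# and one hidden file inside a subdirectory.
demo=$(mktemp -d)
mkdir "$demo/sub"
: > "$demo/data.txt"
: > "$demo/.settings"
: > "$demo/sub/.cache"
chmod -R go-w "$demo"          # known starting point, whatever the umask is

# The two commands from the text, run inside the directory.
(cd "$demo" && chmod g+w . && chmod -R g+w *)

# sub/.cache was reached through -R on sub; .settings was never matched by *.
not_group_writable "$demo"
rm -rf "$demo"
```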

Make a file or directory only accessible by you.

scc1% chmod go-rwx /projectnb/testgroup/mydir_or_file

Using umask

Make it so that all files you create going forward are only accessible by yourself, unless you change the permissions later. The command to do this is umask 077. You will likely need to edit the .bashrc file in your home directory to make this change.

Make it so that all files you create going forward are group-writable, unless you change the permissions later. The command to do this is umask 007. You will likely need to edit the .bashrc file in your home directory to make this change.

If you change your umask, you will then need to either log out and back in or run the command source ~/.bashrc to have that change take effect.
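
The effect of the 022, 077 and 007 values from “SCC Defaults and Adjusting them” and from the umask examples above can be seen without editing .bashrc. This is an added example, not part of the original page; mode_under_umask is a name chosen here, and it creates a new file and a new directory under each mask in a temporary location and reads back the ls -l permission string. Regular files normally start from rw-rw-rw- before the mask is applied, so they come out without execute bits, while directories start from rwxrwxrwx.

```shell
#!/bin/sh
# mode_under_umask MASK file|dir
# Print the 10-character ls -l permission string that a newly created file or
# directory receives when MASK is the active umask.
mode_under_umask() {
    mask=$1
    kind=$2
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"              # subshell: the caller's umask is untouched
        if [ "$kind" = dir ]; then
            mkdir "$tmp/new"
        else
            : > "$tmp/new"
        fi
    )
    ls -ld "$tmp/new" | cut -c1-10
    rm -rf "$tmp"
}

# Compare the default with the two alternatives discussed in the text.
for m in 022 077 007; do
    printf 'umask %s  file: %s  dir: %s\n' \
        "$m" "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
```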