Faculty members can request the creation of group storage directories, which allow files to be shared among multiple users. Please contact support for details.

Location

Group directories can be created on any of the cluster’s storage locations.

Location             Path
Home storage         /home/groups/group_id
Distributed storage  /data/groups/group_id
Archival storage     /archive/groups/group_id

Quota

Each group directory has its own disk quota.

To check the group’s disk quota, type:

scrp-quota group_id

File Permissions

Due to the way Linux file permissions work, the sub-directories and files in group storage will have different permissions, depending on how they were moved into the group directory:

  • Creating new sub-directories/files directly in the folder: the group directory’s permission is applied, currently 660, meaning that group members can read and write. This is usually the desired permission.
  • Copying sub-directories/files into the new folder: original permission of the file is applied. This is likely either 600, which means only the member owning the file can access the file, or 640, which means other members can only read.
  • Copying sub-directories/files into the new folder with --no-preserve=all: the operating system’s UMASK is applied. This means 640 permission.
  • Moving sub-directories/files into the new folder: this is the worst scenario, as the file will keep its original group, which only contains the file owner. Other group members will not be able to read the file.

Due to the above complications, we recommend creating files directly within the shared folder if possible. If the files cannot be created inside the shared folder, copy files into the folder instead of moving them, followed by manually changing the permission to 660.
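
The cases above can be checked after the fact. The following is an added example, not part of the cluster's own tooling: it lists files in a group directory that kept the wrong group or lack group read/write, and repairs the ones you own using the 660 mode recommended above. The function names and the script name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the cluster's own tooling.
# Function names are hypothetical; GROUP may be a group name or numeric gid.

# Files that kept another group, as happens after "mv" into the directory.
wrong_group() {    # usage: wrong_group DIR GROUP
    find "$1" -type f ! -group "$2" -print
}

# Files without group read+write (bits 060), e.g. 600 or 640 after "cp".
not_group_rw() {   # usage: not_group_rw DIR
    find "$1" -type f ! -perm -060 -print
}

# Repair only files owned by the caller; chgrp/chmod on other members'
# files would fail, and those need their owner or support to fix.
fix_own_files() {  # usage: fix_own_files DIR GROUP
    find "$1" -type f -user "$(id -u)" ! -group "$2" -exec chgrp "$2" {} \;
    find "$1" -type f -user "$(id -u)" ! -perm -060 -exec chmod 660 {} \;
}

# Report when run as: sh audit.sh /home/groups/group_id group_id
if [ "$#" -eq 2 ]; then
    echo "Wrong group:";        wrong_group "$1" "$2"
    echo "Not group-writable:"; not_group_rw "$1"
fi
```

Run the report first; fix_own_files changes groups and modes and is never called automatically.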

User Management

The owner of a group directory can manage access to the directory by modifying the directory’s access control list (ACL) on any node.

The owner is only able to manage access for sub-directories and files under his or her ownership. If there are files not under the ownership of the group directory owner—which is more often than not the case—please contact support to add the new user(s) to the designated group instead.

Home and Archival Group Storage

The general syntax is:

# Get ACL
nfs4_getfacl [path-to-directory]

# Modify ACL
nfs4_setfacl [-R] [-a|-x] A:[g]:[uid/gid]:[rights] [path-to-directory]

Examples:

# Give user testuser read and execute permission
nfs4_setfacl -R -a A::$(id -u testuser):RX [path-to-directory]

# Remove testuser, who has read and execute permission
# The permission specified here must match the one shown by nfs4_getfacl
nfs4_setfacl -R -x A::$(id -u testuser):rxtcy [path-to-directory]

# Give group myRA full access
nfs4_setfacl -R -a A:g:$(groupid myRA):RXW [path-to-directory]

# Remove group myRA, which has full access
nfs4_setfacl -R -x A:g:$(groupid myRA):rwaDxtcy [path-to-directory]

Distributed Group Storage

The general syntax is:

# Get ACL
getfacl [path-to-directory]

# Modify ACL
setfacl [-m|-x] [user|group]:[name]:[rights] [path-to-directory]

Examples:

# Give user testuser read and execute access to a directory 
# and all its subdirectories
setfacl -R -m user:testuser:rx [path-to-directory]

# Give user testuser read and execute access to a directory, 
# but not its subdirectories
setfacl -m user:testuser:rx [path-to-directory]

# Remove testuser
setfacl -R -x user:testuser [path-to-directory]

# Give group myRA full access
setfacl -R -m group:myRA:rwx [path-to-directory]

# Remove group myRA
setfacl -R -x group:myRA [path-to-directory]