ACLs and Shared Directories in the MH Linux Cluster
Written by Terrence Martin
Thursday, 29 June 2006
Creating shared directories in the MH Linux cluster using ACLs
Creating a shared directory on the MH Linux cluster
The most flexible way to create a directory on the Linux cluster that can be shared by all users is to use Linux ACLs (access control lists).
ACLs give users very fine-grained control over who can read, write or execute in a target directory. ACLs also allow you to set a default set of permissions that will be inherited by all subdirectories and files of the shared directory. Since ACLs can be fairly complex, this document is meant to give a few straightforward steps for creating a shared directory on the Mayer Hall Linux cluster, accessible by all machines that mount directories off of hepuser.ucsd.edu.
Note: All of the examples below will assume that the actions are being performed as user tmartin.
Making sure you can see the default /home/share directory
If you are on the Linux cluster you should be able to access /home/share from your Linux cluster computer. If you cannot access this directory from your workstation, contact Bryan Hill or Terrence Martin to get access to this directory configured. Alternatively, if you know how to use automount, you can edit the /etc/auto.home file as root and add the line
share hepuser.ucsd.edu:/home/share
Then, as root, run
/etc/rc.d/init.d/autofs reload
You should then be able to cd /home/share.
Creating the shared directory
The first step is to create a directory that can be shared by all users. Any directory can be shared, but a special area has been created on the Linux cluster where everyone can go and create a directory they want to share. The base directory for these shares is /home/share.
cd /home/share
Note: Once you are in the /home/share area you can create the base directory. This path is what you give to the other users with whom you want to share the directory. For this example I will create the directory myshare.
mkdir /home/share/myshare
To see which ACLs are assigned to this directory to start with, you can run the getfacl command.
Once the directory is created you need to apply some default permissions to it. These are not the actual permissions for the current directory, but are the ACL permissions that will be assigned automatically to all files and directories created in /home/share/myshare.
The command used for manipulating file ACLs is called setfacl.
As you can see, the users branson, tmartin, fkw and mpieri all have rwx permissions. The reason that tmartin is in the list is so that any subdirectories created by other users are also writable by user tmartin. If you did not add your own user to the default permissions, then branson could create a subdirectory that tmartin could not write into, even though tmartin owns /home/share/myshare.
3. Assigning the permissions to /home/share/myshare
Once the default permissions are assigned you can go ahead and assign the actual permissions to the /home/share/myshare directory.
As you can see, branson, tmartin, fkw and mpieri are now not only assigned the default permissions on all subdirectories and files; those same users are also able to read, write and execute (cd into) /home/share/myshare itself.
From this point any of the users on the list can create a file or directory in /home/share/myshare, and any of the other users can read, write and delete that file or directory.
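The two setfacl steps described above (default permissions first, then the directory's own permissions) are shown here as an added example; it is not from the original page. The helper names acl_spec and share_commands are hypothetical, and the user list and path are the ones used in the text. The script only prints the commands, and it always adds the owner to the ACL so that the owner keeps write access to subdirectories that other users create.

```shell
#!/bin/sh
# Added example: print the setfacl commands for a shared directory.
# Helper names are hypothetical; nothing is changed on disk.

# acl_spec OWNER USER...
# Prints "u:name:rwx,..." for every user, appending OWNER if it is missing.
# Names containing anything outside [a-z0-9_-] are rejected so that a
# crafted name cannot smuggle extra ACL entries (",o::rwx") into the spec.
acl_spec() (
    owner=$1; shift
    have_owner=no
    spec=
    for u in "$@" "$owner"; do
        case $u in
            ''|*[!a-z0-9_-]*) echo "bad user name: $u" >&2; exit 1 ;;
        esac
        if [ "$u" = "$owner" ]; then
            # Owner appears once only, whether listed by the caller or not.
            [ "$have_owner" = yes ] && continue
            have_owner=yes
        fi
        spec="${spec:+$spec,}u:$u:rwx"
    done
    printf '%s\n' "$spec"
)

# share_commands DIR OWNER USER...
# Step 1: default ACL (-d), inherited by new files and subdirectories.
# Step 2: access ACL on DIR itself.
# Step 3: getfacl, to review the result.
share_commands() (
    dir=$1; shift
    spec=$(acl_spec "$@") || exit 1
    printf 'setfacl -d -m %s %s\n' "$spec" "$dir"
    printf 'setfacl -m %s %s\n' "$spec" "$dir"
    printf 'getfacl %s\n' "$dir"
)

# Directory and users from the text; tmartin is the owner and is not in the
# user list here, so acl_spec adds the entry.
share_commands /home/share/myshare tmartin branson fkw mpieri
```

Review the printed commands, then run them as the directory owner.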