File permissions control access to files on the HPC filesystems, which use the using standard Linux file permissions.
The permissions of files in a directory can be viewed using:
For each file this will print:
- a character indicating the file type: - for a file, + for a directory
- three characters indicating the owner permissions for the file: r for read, w for write, x for execute, s for the setuid bit, or - otherwise
- three characters indicating the group permissions for the file: r for read, w for write, x for execute, s for the setgid bit or - otherwise
- three characters indicating the other permissions for the file: r for read, w for write, x for execute, t for the sticky bit or - otherwise
- a + character if discretionary access control lists provide additional access, where the getfacl command can provide futher details
- the number of hard links to the file
- the owner of the file
- the group of the file
- the size of the file in bytes
- the timestamp that the file was last modified
- the name of the file
Do not set any of your directories to be world-readable. This has the risk that every user on the supercomputer can read the data, even if for a short time.
Group Permissions for HPC Filesystems
Quotas for project group filesystems such as /group are for the project rather than individual user accounts, and files must belong to the appropriate group to be created in or copied to a project /group directory.
If you encounter a write error, compiler error, or file transfer error on /group, then it is most likely that this is because the files are counting against your personal group quota rather than your project's group quota.
Common causes of this issue are moving files from /home instead of copying them, using the -a or -p flag with cp or rsync, or incorrectly configured scp clients.
Pawsey has provided a tool that allows you to fix a file and directory permissions on /group. The script fix.group.permission.sh is available in the pawseytools module (which is loaded by default).
To use it simply type the following, and replace $PAWSEY_PROJECT with the specific project code if you are on more than one project:
Note that this will only fix files and directories owned by the user executing the command (i.e. $USER), and will only work on the directory tree in /group/$PAWSEY_PROJECT.
Please be aware that this may take some time to complete, and that you can only run one instance of the script at a time.
See Setting File Permissions for some best practices on the topic.