Manage researcher access to files and directories (setfacl and getfacl) #870

Open
wants to merge 10 commits into
base: main
56 changes: 52 additions & 4 deletions docs/workflow_solutions/shell.md
Expand Up @@ -608,8 +608,56 @@ To change a directory and all of its contents recursively use `chgrp -hR <new-gr

### Manage researcher access to files and directories (`getfacl`, `setfacl`)

<!-- markdownlint-disable MD046 -->
!!! construction
Access Control Lists (ACLs) provide the ability to set permissions for individual users or groups on specific files and directories.

Under construction.
<!-- markdownlint-enable MD046 -->
**Key ACl commands**:

- `getfacl`: Command to get the ACL of a file or directory.
- `setfacl`: Command to set or modify the ACL of a file or directory.

#### Viewing Current ACLs (`getfacl`)

The `getfacl` command is used to view the current ACLs set on a file or directory. When you run this command on a file, for example `test.txt`, the command `getfacl test.txt` will display detailed information about the ACLs, including who has access to the file and what permissions they have.

```bash
# file: test.txt
# owner: bhbelay
# group: rc-datasci
user::rw-
group::rw-
other::r--
```

The output shows that for the file `test.txt`, the owner is `bhbelay` and the group associated with the file is `rc-datasci`. The other lines of the output:

- `user::rw-`: specifies the permissions for the owner of the file, `bhbelay`. The owner has read (`r`) and write (`w`) permissions, but no execute permissions (`-`).

- `group::rw-`: specifies the permissions for the group associated with the file, `rc-datasci`. Members of the group have read (`r`) and write (`w`) permissions, but no execute permissions (`-`).

- `other::r--`: specifies the permissions for others (users who are neither the owner nor members of the group). Others have only read (`r`) permission, with no write or execute permissions (`--`).

#### Modifying ACLs (`setfacl`)

The `setfacl` command used to grant or restrict access to files and directories for individual users or groups. The general syntax for the `setfacl` command: `setfacl <options> <permissions> <file/directory>`.

- Options:
- `-m`: Modify ACL (add or update permissions).
- `-x`: Remove ACL.
- `-b`: Remove all ACL entries.
- `-d`: Set default ACL (applies to new files/directories).
- `-R`: Apply changes recursively.
- permissions:
- `r` read
- `w` write (change the contents)
- `x` execute

Below are examples of modifying ACLs (`setfacl`):

- Grant read and write permissions to a user with `setfacl -m u:$USER:rw- test.txt`. The `-m` flag modifies the ACL, and `u:$USER:rw-` grants read and write access to the specified user on the file `test.txt`.
- Grant read access to all users in the group, `$GROUP`, with `setfacl -m g:$GROUP:r-- test.txt`. The `g:$GROUP:r--` grants read-only (`r`) access to the group `$GROUP`.
- Remove ACL for a specific user with `setfacl -x u:$USER test.txt`. The `-x` flag removes the ACL entry for the user `$USER` on the file `test.txt`, so they `$USER` no longer have any permissions on the file `test.txt`.
- Set default permissions for a directory (i.e it will apply to new files and directories created inside this directory)with `setfacl -d -m u:$USER:rw- $DIR`. The `-d` flag sets a default ACL. Here, `u:$USER:rw-` grants read (`r`) and write (`W`) access to the user `$USER` for any new files or directories created within the `$DIR` directory ( but it does not apply to existing files in `$DIR`).
- Apply ACL changes recursively to all files and subdirectories within a directory with `setfacl -R -m u:$USER:rw- $DIR`. The `-R` flag applies the ACL changes recursively. This command grants read and write access to the user `$USER` for all files and subdirectories under `$DIR`.
- Remove all ACL entries for a file or directory with `setfacl -b test.txt`. The `-b` flag removes all ACL entries, restoring the default file system permissions to the file `test.txt`.

If you need assistance setting permissions, feel free to contact us via <[email protected]>, providing the user's BlazerID and the directory or file you wish to modify, along with the permissions you want to grant or remove.
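
Review bot: The `setfacl -x u:$USER test.txt` bullet says the user will "no longer have any permissions on the file", which does not hold for the file shown earlier in this hunk: with `other::r--` still set, a user whose named entry is removed falls back to the group or other permissions and can still read `test.txt`. Suggest rewording to say that `-x` removes the user's named ACL entry and that access then falls back to the remaining owner/group/other permissions, so readers do not treat `-x` as a revoke-all. Two related points in the same list: the `-d -m u:$USER:rw- $DIR` and `-R -m u:$USER:rw- $DIR` examples grant `rw-` on directories, and without `x` the user cannot enter `$DIR` or its subdirectories, so `rwX` (capital `X`, execute only on directories and files that are already executable) would match the stated intent; and `$USER` and `$GROUP` are expanded by the shell, with `$USER` normally being the caller's own login name, so a copy-pasted command would change the caller's own entry rather than the researcher's. An angle-bracket placeholder in the style of the `chgrp -hR` context line at the top of the hunk (for example `<username>`) avoids that. The `-b` bullet could also say "leaving only the base owner/group/other permissions" instead of "restoring the default file system permissions". Minor wording: "ACl", "(`W`)", "The `setfacl` command used to", "they `$USER`", and the missing space before "with" in the default-ACL bullet.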