1. Introduction

CRSP has many (and sometimes competing) goals for access, sharing, security, manageability, and simplicity for researchers. One of the technical complexities of CRSP is that the underlying file system and access enforcement mechanisms are defined in Linux, but most access is from Mac and Windows environments.

In what follows, we will use the term file to mean file, folder, or directory. Linux (Unix) controls read and write access to each file independently for three different entities.

  • The owner of the file. This is the UCNetID that originally created the file

  • The group for file. A grouping of UCNetIDs who might have access to this file

  • The world (or others). Everyone else on CRSP

In CRSP lab areas, the world is given no privilege to read or write files in any lab. Sharing is therefore controlled by group permissions and who is a member of the particular group.
Owners of files may make their files explicitly private by removing all read/write permissions from group and world

2. Default Setup for Labs

In the following, we will use the ppapadop lab as an example, lab members are UCNetIDs: jfarran, itoufiqu, and schiano. We call these users as addons since they have been added to the lab. Addons can be any UCNetID

There two Unix groups pre-defined for all labs. The <pi> is the owner of the space (in this case, ppapadop is the <pi>)

  • <pi>_lab: Only the lab owner is in this group (e.g., ppapadop_lab)

  • <pi>_lab_share: All members of the lab (including the PI) are in this group (e.g., ppapadop_lab_share)

2.1. Example Lab

This shows the ppapadop lab on CRSP with members: itoufiqu, jfarran, schiano. Notice that everyone in the lab has a folder named by UCNetID that is private to them and the PI. In other words, user ppapadop can see all files, but user itoufiqu can only see files in the itoufiqu and share folders. _

Example lab top-level folder

571

The following graphic annotates the sharing with the user jfarran and itoufiqu as example users.

Example lab top-level folder (annotated)

571

2.2. Understanding and Inspecting Permissions

We will look at the permissions of an Addon User. In the following, the permissions are brought up by right-clicking the folder and inspecting the properties of the file/folder.

Example addon user jfarran 579

Directory Permissions 539

Notice that owner and group permissions are read/write/executable. This is correct. World or other permissions indicate no permission given to others.

RCIC website is built%20with Asciidoctor orange

Page was last updated 2019-06-10 13:11:11 -0700