Sharing Explained for Labs
CRSP has many (and sometimes competing) goals for access, sharing, security, manageability, and simplicity for researchers. One of the technical complexities of CRSP is that the underlying file system and access enforcement mechanisms are defined in Linux, but most access is from Mac and Windows environments.
In what follows, we will use the term file to mean file, folder, or directory. Linux (Unix) controls read and write access to each file independently for three different entities.
The owner of the file. This is the UCNetID that originally created the file.
The group for the file. A grouping of UCNetIDs who might have access to this file.
The world (or others). Everyone else on CRSP
In CRSP lab areas, the world is given no privilege to read or write files in any lab. Sharing is therefore controlled by group permissions and who is a member of the particular group.
Owners of files may make their files explicitly private by removing all read/write permissions from group and world.
In the following, we will use the ppapadop lab as an example. The lab members are the UCNetIDs jfarran, itoufiqu, and schiano. We call these users addons since they have been added to the lab. Addons can be any UCNetID.
There are two Unix groups pre-defined for all labs. The <pi> is the owner of the space (in this case, ppapadop is the <pi>).
<pi>_lab: Only the lab owner is in this group (e.g., ppapadop_lab)
<pi>_lab_share: All members of the lab (including the PI) are in this group (e.g., ppapadop_lab_share)
This shows the ppapadop lab on CRSP with members: itoufiqu, jfarran, schiano. Notice that everyone in the lab has a folder named by UCNetID that is private to them and the PI. In other words, user ppapadop can see all files, but user itoufiqu can only see files in the itoufiqu and share folders.
The following graphic annotates the sharing with the users jfarran and itoufiqu as examples.
We will look at the permissions of an Addon User. In the following, the permissions are brought up by right-clicking the folder and inspecting the properties of the file/folder.
Example addon user jfarran
Notice that owner and group permissions are read/write/execute. This is correct. The world (or others) permissions show that no permission is given to others.
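The same rules can be checked on the Linux side by reading the mode bits directly. The following is an added example, not part of the CRSP documentation: the function names (classify, audit, build_sample_lab) and the sample files and modes are assumptions made for illustration, and the script inspects permission bits only, not group membership.

```python
import os
import stat
import tempfile

GROUP_RW = stat.S_IRGRP | stat.S_IWGRP  # read and write for the group


def classify(mode):
    """Classify permission bits against the sharing rules on this page."""
    if mode & stat.S_IRWXO:            # any read/write/execute for world
        return "world-accessible"      # breaks "world has no privilege in a lab"
    if not mode & GROUP_RW:
        return "private"               # owner removed group read/write
    return "group-shared"              # access is decided by group membership


def audit(root):
    """Return {relative path: (octal mode, classification)} for a tree."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            report[os.path.relpath(path, root)] = (oct(mode), classify(mode))
    return report


def build_sample_lab(root):
    """Create a constructed sample layout; names and modes are illustrative."""
    layout = {
        "jfarran": 0o770,            # owner and group rwx, world none
        "jfarran/notes.txt": 0o660,  # readable/writable by owner and group
        "jfarran/draft.txt": 0o600,  # made private by its owner
        "share": 0o770,
        "share/leaked.csv": 0o664,   # world-readable, should be flagged
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if os.path.splitext(rel)[1]:   # entries with an extension are files
            open(path, "w").close()
        else:
            os.mkdir(path)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as lab:
        build_sample_lab(lab)
        for rel, (mode, label) in sorted(audit(lab).items()):
            print(f"{mode:>6}  {label:<16}  {rel}")
```

Any path reported as world-accessible has permission bits set for others and should have them removed; a path reported as private is one its owner has withdrawn from group sharing.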