Who can access my files?

If you don’t change any system settings (e.g “umask”) or file permissions, only you (with some exceptions, see below) can access files in your home directory (e.g /home/x_abcde) or files in your personal area (e.g /proj/projname/users/x_abcde) of project directories. Data in other parts of the project directory (e.g /proj/projname/data/somedata) can be read, modified and deleted by all project members.

Exceptions to the above:

• Some NSC staff can access all your data, but are not allowed to do so unless specifically requested by you, e.g to help you solve a technical problem.

• The PI and proxy for the PI are allowed to access any data in the project directory, but NOT your home directory. See https://www.nsc.liu.se/support/storage/snic-centrestorage/ownership-and-legalese/

You can only directly share data with people who have a login account on Tetralith or Sigma. I.e there’s no way to make files available using FTP, Dropbox etc without copying them somewhere else.

Unix file permissions

You can manage who has access to your files and directories using traditional Unix file permissions.

You can manage permissions using e.g the chmod, chgrp and umask commands.

• chmod : change permissions on one or more files/directories
• chgrp : change the group of one or more files/directories (to another group that you are a member of)
• umask : set the default permissions that new files will get

There are countless web pages with information on this subject, see e.g Wikipedia or NERSC.

The default umask is 002, which means that files and directories by default are writable/deletable by members of the group which owns the file.

Home directories and personal areas in project directories are created with the file permissions 0700, which means that no one except you can get inside them, so even though the umask makes files writable by group, members of the group can’t get at the files because the top directory (e.g /home/x_abcde, /proj/snic2015-1-123/users/x_abcde) is protected.

If you want to make newly created files/directories readable but not writable by others, put the command umask 022 in your shell startup file (.bashrc for bash).

If you want to make newly created files/directories completely inaccessible to others, put the command umask 077 in your shell startup file (.bashrc for bash).

You need to logout/login for the umask change in .bashrc to become active (you can see your current umask by typing umask) and it only affects new files/directories. It is also possible for an application to override the umask (e.g if you unpack a tar archive or run “rsync -a”).

ACLs

The file system used (GPFS) support ACLs, but they’re not actively used by NSC, and probably not by any of our users. If you want to use ACLs, please contact NSC Support for advice.