This article was contributed by:
Nicholas M. Blauch
Ph.D. Student, Program in Neural Computation
Center for the Neural Basis of Cognition
Carnegie Mellon University, Pittsburgh PA
https://nblauch.github.io
By default, directories have read and execute permissions for all MIND users. Additional write permissions are provided to you and users in your group.
You can see the permissions by running the command ‘ls -l ../<path_to_dir> ’. e.g.
[nblauch@mind ~]$ ls -l /lab_data drwxrwxr-x 5 root behrmannlab 5 Jan 22 00:00 behrmannlab
The permissions are given in the first major column: rwxrwxr-x (the leading d just indicates that it is a directory). From left to right, we have user (read (r), write (w), execute (x)), group (read, write, execute), and public/system-wide (read, NO write, execute). The owner is given by the 4rd major column (‘root’), and the group is given by the 4th major column (‘behrmannlab’).
You can see your groups by typing ‘groups’ at the terminal. Additionally, you can see the members of a given group, e.g. behrmannlab, with the following command:
grep 'behrmannlab' /etc/group
If you are working with sensitive data (e.g., confidential fMRI data ), you should limit read access to this data to only your lab group. For example, the Behrmann lab stores neuroimaging data on MIND but needs to restrict read access to only lab members.
If you have any directories which you would like to restrict permissions on, you can use chmod to change permissions. You might find the following commands helpful:
- Full permissions to user and group, no permissions to others:
chmod 770 <path_to_dir>
- Full permissions to user, read/execute permissions to group only:
chmod 750 <path_to_dir>
- Full permissions to user, no permissions to any others:
chmod 700 <path_to_dir>
If you want to choose your own level of permissions, you can use this handy calculator (https://chmod-calculator.com/) to find the code for chmod.
We might want to store other files in our lab storage that are not restricted. This is why it is good that /lab_data/behrmannlab has public r/x permissions, since folders beneath it can then be given arbitrary permissions based on your needs. If read permissions are restricted on a directory, e.g. $HOME, any directories below $HOME will be subject to those restrictions as well. That is, if someone cannot read a directory, that someone cannot read or write in any directories below it. So, you can restrict permissions on an entire directory tree easily by controlling r/x permissions at the top of the directory.
Finally, if you want to change the group of a folder (owned by you) (e.g. to behrmannlab), you can use the chgrp command:
chgrp behrmannlab <path_to_dir>