How can I share data with other users?

Created by Kali McLennan, Modified on Tue, 17 Dec, 2024 at 5:09 PM by Kali McLennan

Alpha supports the use of Access Control List (ACL) entries to permit specific other users to interact with your data. ACLs provide robust and fine-grained access control that goes well beyond the capabilities of simple POSIX file/directory permissions.


The commands for managing ACL entries differ between /mnt/luster and /mnt/home.


Managing ACLs on /mnt/home


ACLs on /mnt/home are managed through the commands `nfs4_setfacl` and `nfs4_getfacl`. One significant caveat for ACLs on /mnt/home is that they must use UID numbers and NOT usernames. See the following workflow for a basic overview:


Example: Allow another user to view your home directory


Step 1: Identify the UID of the user you want to share with by using the "id -u" command. This will print the UID number of the user on the next line.

[kmclennan@alpha1 ~] id -u kmclennan
1029

Step 2: Add the ACL to grant UID 1029 Read and eXecute permissions on $HOME

[kmclennan@alpha1 ~] nfs4_setfacl -a "A::1029:RX" $HOME

Step 3: Verify the new ACL

[kmclennan@alpha1 ~] nfs4_getfacl $HOME
# file: /mnt/home/kmclennan
A::1029:rxtncy
A::OWNER@:rwaDxtTnNcy
A:g:GROUP@:
A::EVERYONE@:


Example: Allow another user to view all contents of your home


To accomplish this, you will need to do 2 things: modify the existing ACLs recursively, and then set new inherited ACLs.


Step 1: Identify the UID of the user you want to share with by using the "id -u" command. This will print the UID number of the user on the next line.

[kmclennan@alpha1 ~] id -u kmclennan
1029


Step 2: Recursively modify existing ACL entries to permit this user access to files/directories.

[kmclennan@alpha1 ~] nfs4_setfacl -R -a "A::1029:RX" $HOME


Step 3: Add new default directory/file ACL entries. In the 'fdi' portion of this command, 'f' and 'd' make the entry inheritable by newly created "files" and "directories", and 'i' marks it as inherit-only, so it is carried forward on newly created files/directories without being evaluated on $HOME itself.

# Add entries to make yourself have inherited RWX permissions and your group have RX
[kmclennan@alpha1 ~] nfs4_setfacl -a "A:fdi:OWNER@:RWX" $HOME
[kmclennan@alpha1 ~] nfs4_setfacl -a "A:gfdi:GROUP@:RX" $HOME
# Add an entry so that UID 1029 has inherited RX permissions
[kmclennan@alpha1 ~] nfs4_setfacl -a "A:fdi:1029:RX" $HOME
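
After sharing, it is worth checking exactly who ended up with access and whether any entry allows modification. The following is an added example, not part of the original article: the function names `audit_nfs4_acl` and `sample_acl` are hypothetical, and the sample ACL is constructed from the Step 3 output shown earlier plus a constructed entry for UID 2001.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads nfs4_getfacl output on stdin and prints one line per Allow entry
# granted to a numeric UID or to EVERYONE@:
#   <principal> <scope> <level> <permissions>
# scope: "inherit-only" when the 'i' flag is set (applies to new children only)
# level: "WRITE" when any modifying permission is present, else "read-only"
audit_nfs4_acl() {
    awk -F: '
        /^#/ || NF < 4 { next }        # skip the "# file:" header and malformed lines
        $1 != "A"      { next }        # only Allow entries grant access
        $3 ~ /^[0-9]+$/ || $3 == "EVERYONE@" {
            if ($4 == "") next         # an empty permission mask grants nothing
            scope = ($2 ~ /i/) ? "inherit-only" : "effective"
            # w=write a=append d=delete D=delete-child T=write-attributes
            # N=write-named-attrs C=write-ACL o=write-owner
            level = ($4 ~ /[wadDTNCo]/) ? "WRITE" : "read-only"
            print $3, scope, level, $4
        }
    '
}

# Constructed sample input; UID 2001 and its entry are invented for illustration.
sample_acl() {
    cat <<'EOF'
# file: /mnt/home/kmclennan
A::1029:rxtncy
A:fdi:1029:rxtncy
A::2001:rwaDxtTnNcy
A::OWNER@:rwaDxtTnNcy
A:g:GROUP@:
A::EVERYONE@:
EOF
}

# Real use: nfs4_getfacl "$HOME" | audit_nfs4_acl
sample_acl | audit_nfs4_acl
```

Any line reported as WRITE, or any line for EVERYONE@, is an entry to review before leaving the share in place.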


More information about NFS4 ACLs can be found at: https://linux.die.net/man/5/nfs4_acl
