
Newly created user folders are not accessible by other users on CSCS systems. The Access Control Lists (ACLs) let you grant access to one or more groups or users. 

Step-by-step guide

Traditional POSIX permissions grant read/write/execute access to three classes: user, group and other. You can check these permissions on a folder test with the -l option of the ls command:

$ ls -lahd test/
drwxr-xr-x 2 pasmarco csstaff 4.0K Feb 23 13:46 test/ 

ACLs are an extension of these permissions to give one or more users or groups access to your data. You can list the current ACLs on a folder with the command getfacl:

$ getfacl test
# file: test
# owner: pasmarco
# group: csstaff
user::rwx
group::r-x
other::r-x  

The command setfacl grants read/write/execute permissions on a selected file or folder to additional users or groups. Use the option -m (--modify) to modify the ACL of a file or directory, or -M (--modify-file) to read the entries to modify from a file:

$ setfacl -m user:<username>:rw test/

$ getfacl test/
# file: test
# owner: pasmarco
# group: csstaff
user::rwx
user:<username>:rw
group::r-x
mask::rwx
other::r-x

The example above gives the selected <username> read and write access to the folder test. The -x (--remove) and -X (--remove-file) options instead remove ACL entries (it is not an error to remove an entry which does not exist):

$ setfacl -x user:<username> test/

$ getfacl test/
# file: test
# owner: pasmarco
# group: csstaff
user::rwx
group::r-x
mask::rwx
other::r-x

You can also grant permissions recursively to a folder and its children (if they exist) using the option -R (--recursive). If you want all new files created inside a specific folder to inherit the permissions, you need to configure the default ACLs with the option -d (--default):

$ setfacl -dm user:<username>:rw test/

$ getfacl test
# file: test
# owner: pasmarco
# group: csstaff
user::rwx
user:<username>:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:<username>:rw
default:group::r-x
default:mask::rwx
default:other::r-x
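
The getfacl listings above contain a mask:: entry, which caps what named users, the owning group and named groups effectively get. The following is an added example, not part of the original CSCS page: a shell function that reads getfacl output and prints each granted entry with the mask applied, plus a check for entries that lack x. The sample ACL and the names alice and project1 are constructed.

```shell
# Added example: effective permissions behind a getfacl listing.
# Real use: getfacl test/ | effective_acl

# Print each named-user, owning-group and named-group entry with the mask
# applied. user:: (owner) and other:: are not limited by the mask.
effective_acl() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # comments, default ACL, blanks
        { sub(/[ \t]*#.*$/, "", $3) }             # drop "#effective:" annotation
        $1 == "mask" { mask = $3; next }
        ($1 == "user" && $2 != "") || $1 == "group" {
            n++; tag[n] = $1; name[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    c = substr(perm[i], j, 1)
                    if (c == "") c = "-"          # page prints "rw" for "rw-"
                    # a bit survives only if the mask grants it too
                    if (mask != "" && substr(mask, j, 1) != c) c = "-"
                    eff = eff c
                }
                printf "%s:%s:%s\n", tag[i], name[i], eff
            }
        }'
}

# Entries whose effective permissions lack x: on a directory they cannot
# enter it or reach the files inside, whatever r/w they hold.
no_traverse() {
    effective_acl | awk -F: '$3 !~ /x/ { print $1 ":" $2 }'
}

# Constructed sample (alice, project1 are made-up names), mask lowered to r-x.
sample_acl() {
    cat <<'EOF'
# file: test
user::rwx
user:alice:rw
group::r-x
group:project1:rwx
mask::r-x
other::r-x
default:user:alice:rw
EOF
}

sample_acl | effective_acl
```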

Please see the man page (man setfacl) for more options of the setfacl command.


