Newly created user folders are not accessible by other groups or users on CSCS systems. The Access Control Lists (ACLs) let you grant access to one or more groups or users.
Step-by-step guide
In traditional POSIX, access permissions are granted to user/group/other in mode read/write/execute. The permissions can be checked with the -l option of the command ls. For instance, if user1 owns the folder test, the output would be the following:
$ ls -lahd test/ drwxr-xr-x 2 <user1> csstaff 4.0K Feb 23 13:46 test/
ACLs are an extension of these permissions to give one or more users or groups access to your data. The ACLs on the test folder of user1 can be shown with the command getfacl:
$ getfacl test # file: test # owner: <user1> # group: csstaff user::rwx group::r-x other::r-x
The command setfacl can add users or groups to read/write/execute on a selected file or folder using the option -M (--modify-file) or -m (--modify) to modify the ACL of a file or directory:
$ setfacl -m user:<user2>:rw test/ $ getfacl test/ # file: test # owner: <user1> # group: csstaff user::rwx user:<user2>:rw group::r-x mask::rwx other::r-x
In the example above, user2 will be granted read and write access to the test folder owned by user1. The -X (--remove-file) and -x (--remove) options will remove ACL entries instead:
$ setfacl -x user:<user2> test/ $ getfacl test/ # file: test # owner: <user1> # group: csstaff user::rwx group::r-x mask::rwx other::r-x
Access rights can also be granted recursively to a folder and its children (if they exist) using the option -R, --recursive. In the next example, all new files created inside the test folder of user1 will inherit the permissions, since default ACLs are set with the option -d, --default:
$ setfacl -dm user:<user2>:rw test/ $ getfacl test # file: test # owner: <user1> # group: csstaff user::rwx group::r-x mask::rwx other::r-x default:user::rwx default:user:<user2>:rw default:group::r-x default:mask::rwx default:other::r-x
Please have a look at the man page man setfacl for more options of the command setfacl