Newly created user folders are not accessible by other groups or users on CSCS systems. The Access Control Lists (ACLs) let you grant access to one or more groups or users.
Step-by-step guide
In traditional POSIX, access permissions are granted to user/group/other in mode read/write/execute. You can check these permissions of a folder test with the -l option of the command ls:
$ ls -lahd test/ drwxr-xr-x 2 <user1> csstaff 4.0K Feb 23 13:46 test/
ACLs are an extension of these permissions to give one or more users or groups access to your data. You can list the current ACLs on a folder with the command getfacl:
$ getfacl test # file: test # owner: <user1> # group: csstaff user::rwx group::r-x other::r-x
The command setfacl can add users or groups to read/write/execute on a selected file or folder using the option -M (--modify-file) or -m (--modify) to modify the ACL of a file or directory:
$ setfacl -m user:<user2>:rw test/ $ getfacl test/ # file: test # owner: <user1> # group: csstaff user::rwx user:<user2>:rw group::r-x mask::rwx other::r-x
The example above will give the selected <username> read and write access to the folder test. The -X (--remove-file) and -x (--remove) options will remove ACL entries instead:
$ setfacl -x user:<user2> test/ $ getfacl test/ # file: test # owner: <user1> # group: csstaff user::rwx group::r-x mask::rwx other::r-x
You can also grant permissions recursively to a folder and its children (if they exist) using the option -R, --recursive. If you want that all new files created inside a specific folder inherit the permissions, you need to configure the default ACLs with the option -d, --default:
$ setfacl -dm user:<user2>:rw test/ $ getfacl test # file: test # owner: <user1> # group: csstaff user::rwx group::r-x mask::rwx other::r-x default:user::rwx default:user:<user2>:rw default:group::r-x default:mask::rwx default:other::r-x
Please have a look at the man page man setfacl for more options of the command setfacl