add documentation on options/parameters for controlling permissions (WIP) #146
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| .. _controlling_permissions: | ||
|
|
||
| Controlling permissions of installations | ||
| ======================================== | ||
|
|
||
| Various configuration options and easyconfig parameters are available that control (group) ownership and permissions of | ||
| software installations performed with EasyBuild. | ||
|
|
||
| These can be used to protect installations of licensed software, or to make sure that installations can be | ||
| modified/removed by other users which can be interesting in case multiple users are performing installations using | ||
| EasyBuild to a shared filesystem. | ||
|
|
||
| .. note:: | ||
|
|
||
| These options and parameters only affect the permissions and (group) ownership of the actual software installations | ||
| themselves, not of the module files that are generated for them or other files being generated/copied (e.g. the | ||
| easyconfig file that is copied to the easyconfigs repository). | ||
|
|
||
| Configuration options | ||
| --------------------- | ||
|
|
||
| These configuration options are *global*, in the sense that they apply to all software installations being performed | ||
| when they are set. | ||
|
|
||
| We'll refer to them via their respective command line option, but just like all other configuration option these can | ||
| also be set via an EasyBuild configuration file or via an ``$EASYBUILD*`` environment variable | ||
| (see :ref:`configuration_consistency`). | ||
|
|
||
| Group ownership (``--group``) | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Force group-writeable installations (``--group-writable-installdir``) | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
|
There was a problem hiding this comment. Regardless of the value of the umask configuration option, the default behaviour is to create only user-writable installations (only the original installer may re-install a package). This setting will override this default and create group-writable installations. |
||
| Forced read-only installations (``--read-only-installdir``) | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| GID bit (``--set-gid-bit``) | ||
|
There was a problem hiding this comment. When using this as a site-wide configuration option, this will force the entire installation tree to belong to the same unix group as the original root directory. This is necessary when multiple users are responsible for installations and they do not share a common primary group. |
||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Sticky bit (``--sticky-bit``) | ||
|
There was a problem hiding this comment. The sticky bit ensures that (unless nullified with the |
||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| File creation mode mask (``--umask``) | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
|
There was a problem hiding this comment. Override the default umask settings. For example, when multiple users are responsible for installations (and these users belong to a common group) then you would set the umask to 002. This would allow different users to install different versions of a software package (though, by default, the installation of a particular version is still only writeable by the original installer, to override this see There was a problem hiding this comment. This needs a bit more information. E.g. mention that this removes some permissions if they are set. Like "002" removes the read permissions for "others" (users except the owner and the group) |
||
|
|
||
| Easyconfig parameters | ||
| --------------------- | ||
|
|
||
| These easyconfig parameters can be defined in easyconfig files to control ownership/permission aspects for the | ||
| particular installation that results from using that easyconfig file. | ||
|
|
||
| Group ownership (``group``) | ||
|
There was a problem hiding this comment. This option restricts read access to a particular unix group. Typical usage is for the case of licensed software. The installer must also belong to this group and, if necessary, have executed |
||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Post installation commands (``postinstallcmds``) ?? | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| .. can be useful for fixing permissions of individual files via chmod/chown | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably the one that needs a little explaining since it would be unusual to use this as a configure option, something like
Name of the user group for which the software should be available, typical usage is to restrict access to a particular unix group due to the use of licensed software