From 7540a8ee8029f0636c652b4be98983218ca8e681 Mon Sep 17 00:00:00 2001 From: "Eric W. Bridgeford" Date: Wed, 12 Jun 2024 12:53:02 -0700 Subject: [PATCH] updated to fix some typos and give some superficial logic for how to build acl lists --- labguide/computing/sherlock/access-and-resources.md | 13 +++++++++++-- labguide/computing/sherlock/data-management.md | 9 ++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/labguide/computing/sherlock/access-and-resources.md b/labguide/computing/sherlock/access-and-resources.md index 6ed9aee..f0f36c1 100644 --- a/labguide/computing/sherlock/access-and-resources.md +++ b/labguide/computing/sherlock/access-and-resources.md @@ -67,10 +67,19 @@ A useful and more interacrtive version of this command is `ncdu`. To use `ncdu`, add the following line to the bottom of your `~/.bash_profile`, which will load the `ncdu` module each time you log in to Sherlock: ```bash -$ ml system ncdu +ml system ncdu ``` -In future login session, you can access the `ncdu` command via +and then update your `~/.bash_profile` for the current session with: + +```bash +$ source ~/.bash_profile +``` + +which will allow the current session to load the new module updated in your bash profile for `ncdu`. +For future login sessions, re-sourcing your `~/.bash_profile` is unnecessary. + +In the present and future login sessions, you can access the `ncdu` command via: ```bash $ ncdu diff --git a/labguide/computing/sherlock/data-management.md b/labguide/computing/sherlock/data-management.md index ea7520e..c6d8320 100644 --- a/labguide/computing/sherlock/data-management.md +++ b/labguide/computing/sherlock/data-management.md @@ -18,7 +18,8 @@ Datasets that are temporary, or files generated for analyses that are not intend #### Restricting access Some data resources cannot be shared across the lab and instead need to be restricted to lab members with Data Usage Agreement (DUA) access. -The following can be adapted to restrict ACLs (access control list) to only the appropriate subset of lab members: +This can be done via access control lists (ACLs), which allow a resource to be owned by a particular owner/group, but applies an additional more specific set of permissions. +The following can be adapted to restrict ACLs to an appropriate subset of lab members: ```{.bash filename="protect_access.sh"} #!/bin/bash @@ -36,11 +37,13 @@ fi read -p "Enter the username: " user_name -# set restrictions +# set restrictions, repeating once for each desired user echo -e "Setting restrictions for ${user_name} as rxw for folder: /n ${dir_name}" setfacl -R -m u:$user_name:rwx $dir_name setfacl -R -d -m u:$user_name:rwx $dir_name +# repeat the above commands, replacing $user_name with the usernames +# for additional members # rm default permissions for the group -- oak_russpold setfacl -m d::group:oak_russpold:--- $dir_name -``` \ No newline at end of file +```