Added chmod and chown explanations to data_sharing.md.

5eb3794e · Jan Frenzel · b1733dc4 · 5eb3794e
Commit 5eb3794e authored 2 years ago by Jan Frenzel
--- a/doc.zih.tu-dresden.de/docs/data_lifecycle/data_sharing.md
+++ b/doc.zih.tu-dresden.de/docs/data_lifecycle/data_sharing.md
 # Sharing Data

 This page should provide you some commands to share your data with other users or projects.
+
+## Grant access on some file or directory to persons in your project
+
+If all persons that should be able to access your data are in the same project, you can give them
+access to your workspace, e. g. `input-data` via the following commands:
+
+```console
+marie@login$ id --group --name
+p_number_crunch
+marie@login$ chown -R marie:p_number_crunch /scratch/ws/1/marie-input-data
+```
+
+Now, everyone who is in project `p_number_crunch` should be able to access your data. If this is not
+the case, you should check whether the file that your colleague wants to access is readable for the
+group (`r` permission is set for the group) and every parent directory of that file is searchable
+for the group (`x` permission is set for the group). For example, in the following case, a colleague
+of `marie` cannot access `data-file` because the base directory `.` is not searchable for the group
+as it does not have the `x` permission, even though the file has the permission `r` set for the
+group. Thus, `marie` has to make the directory searchable by using `chmod`:
+
+```console
+marie@login$ ls -la /scratch/ws/1/marie-input-data
+dr-xr-----   4 marie    p_number_crunch   4096 27. Jun 17:13 .
+drwxr-xr-x 444 operator adm             151552 14. Jul 09:41 ..
+dr-xr-----   2 marie    p_number_crunch   4096 27. Jun 17:13 data-file
+dr-xr-x---   2 marie    p_number_crunch   4096 28. Jun 09:45 env.sh
+marie@login$ chmod g+x /scratch/ws/1/marie-input-data
+marie@login$ ls -la /scratch/ws/1/marie-input-data
+dr-xr-x---   4 marie    p_number_crunch   4096 27. Jun 17:13 .
+drwxr-xr-x 444 operator adm             151552 14. Jul 09:41 ..
+dr-xr-----   2 marie    p_number_crunch   4096 27. Jun 17:13 data-file
+dr-xr-x---   2 marie    p_number_crunch   4096 28. Jun 09:45 env.sh
+```
+
+!!! danger "New file inherits group and permission of the creator"
+
+    When a user creates a file, the created file is associated to that user and inherits the user's
+    default group. If the user is in multiple groups/projects, he/she has to ensure, that the a new
+    file is associated with the project's group. This can be done using `chown` and `chmod` as shown
+    above. Another possibility is to use an environment file `env.sh` with the following content:
+
+    ```bash
+    newgrp p_number_crunch  # files should have this group by default
+    umask o-rwx             # prevent creating files that allow persons not in this group (a.k.a. others) to read, write or execute something
+    ```
+
+    Before creating new files, users can now load this file using `source` in order to ensure that
+    new files automatically get the right group:
+
+    ```console
+    marie@login$ cd /scratch/ws/1/marie-input-data
+    marie@login$ source env.sh
+    bash-4.2$ touch new-file    #create a new file
+    ```
+
 Read on, if you want to restrict access to specific persons outside of your group, but don't want to
 permit everyone to access your data.

-## Managing Access Control Lists
+## Grant access on some file or directory to persons from various projects

 [Access Control Lists](https://en.wikipedia.org/wiki/Access-control_list) (ACLs) can be used, when
 `chmod` is not sufficient anymore, e. g. because you want to permit accessing a particular file for