Permissions wash

[durack1]

There is a need to ensure that file and directory permissions are correctly set after each run. These are 775/r-x for directories and 774/r-- for files.

-bash-4.2$ ls -al ../CMIP6/CMIP/historical/ocean/mon/thetao/
CMIP6.CMIP.historical.AS-RCEC.TaiESM1.r1i1p1f1.mon.thetao.
ocean.glb-l-gn.v20200320.0000000.0.xml 
-rwxrwxr-- 1 poche xclimw 55846 May  1 05:43 ../CMIP6/CMIP/
historical/ocean/mon/thetao/CMIP6.CMIP.historical.AS-RCEC.TaiESM1.
r1i1p1f1.mon.thetao.ocean.glb-l-gn.v20200320.0000000.0.xml
...
-bash-4.2$ ls -al ../CMIP6/CMIP/historical/ocean/mon
total 3264
drwxrwxr-x 31 poche xclimw  4096 Jan 16 02:57 .
drwxrwxr-x  4 poche xclimw  4096 Jun  5  2019 ..
drwxrwxr-x  2 poche xclimw 32768 May 25 04:02 agessc
drwxrwxr-x  2 poche xclimw 32768 May  6 04:07 cfc11
drwxrwxr-x  2 poche xclimw 65536 Jun  1 04:05 evs
drwxrwxr-x  2 poche xclimw 32768 Jun  1 04:05 ficeberg

https://superuser.com/questions/91935/how-to-recursively-chmod-all-directories-except-files

[lee1043]

@durack1 thank you for following up!

[durack1]

Some notes:

find ../xclim -type d -print | xargs -0 sudo chmod 775
find ../xclim -type f -print | xargs -0 sudo chmod 774

[durack1]

@pochedls which user is the cron run under, I assume this is your account?

[pochedls]

Yes - the cron jobs are under my account.

[pochedls]

I didn't do anything about this. It appears that newly generated xml files are readable (e.g., this one today):

/p/user_pub/xclim/CMIP6/ScenarioMIP/ssp585/ocean/mon/thetao/CMIP6.ScenarioMIP.ssp585.MOHC.HadGEM3-GC31-MM.r1i1p1f3.mon.thetao.ocean.glb-l-gn.v20200515.0000000.0.xml

@durack1 - can this one be closed out?

[durack1]

@pochedls probably best that we clean this up a little better, it's currently a different group and file perms:

-rwxrwxr--  1 poched xclimw     21217 Mar  2 04:10 CMIP6.ScenarioMIP.ssp585.MOHC.HadGEM3-GC31-LL.r3i1p1f3.mon.thetao.ocean.glb-l-gn.v20200121.0000000.0.xml
-rw-r--r--  1 poched climate    33089 Jul  7 04:09 CMIP6.ScenarioMIP.ssp585.MOHC.HadGEM3-GC31-MM.r1i1p1f3.mon.thetao.ocean.glb-l-gn.v20200515.0000000.0.xml
-rwxrwxr--  1 poched xclimw     21142 Aug 12  2019 CMIP6.ScenarioMIP.ssp585.MOHC.UKESM1-0-LL.r1i1p1f2.mon.thetao.ocean.glb-l-gn.v20190726.0000000.0.xml

Where do you want a fix, as a *.sh to call within crons, or a python function in climlib?

[pochedls]

What's wrong with the group being climate for all files?

[durack1]

If you leave the group as climate and open up group perms to *rwx* then it means any user can purge/edit/delete the file. With xclimw as the group, anyone who is a group member can manage the files (i.e. you and me at the same time) without butting heads

[pochedls]

If you leave the group as climate and open up group perms to rwx then it means any user can purge/edit/delete the file.

But it isn't group writeable.

With xclimw as the group, anyone who is a group member can manage the files (i.e. you and me at the same time) without butting heads.

Sure. I don't have a strong feeling about how to do this (ideally whatever it is will be fast / low computational cost).

[durack1]

@pochedls leaving as poched|climate means that only the owner can write, which means, unless I login as you, we're back to the original group xclimw idea for multi-user management. The perms of dirs need to be rwxr-xr-x minimum (no r OR x would mean that a global user can't traverse the dir structure), but you're right for the files this could be rw-r--r-- your default as above