2018-06-26 CCS Storage system maintenance, July 3rd – complete

7 am – 12 am Tuesday July 3rd, storage systems for the pegasus compute cluster, apollo, and visx will undergo hardware maintenance.

During this maintenance period, pegasus batch execution and login nodes will be unavailable – as will the gateway (gw.ccs.miami.edu), apollo, and visx systems.

2017-10-05 – Advanced Computing Resources

MEMORANDUM:
Due to financial decisions made at the Miller School of Medicine (MSOM), open access on both Pegasus and Bigfoot will no longer be available to MSOM faculty, staff, and students effective October 31, 2017. 
Read the full contents for details about how this will affect your CCS account.

CCS Data Center Migration – August 3, 2017

CCS resources will be unavailable starting August 3, 2017 at 20:00. All CCS systems and networks will be affected.
Details and updates on the CCS AC website here: http://ccs.miami.edu/ac/migration

2017-02-17 CCS Advanced Computing – Slack community

CCS Advanced Computing invites you to connect with the Advanced Computing community on Slack: http://umadvancedcomputing.slack.com
The Advanced Computing community Slack channels provide a place for user discussions, information sharing, and informal announcements about CCS resources and developments. All users with an @miami.edu or @umiami.edu email address can create a Slack account in UM Advanced Computing.

2017-01-18 CCS Portal – portal.ccs.miami.edu

CCS Advanced Computing is excited to announce the launch of our newly redesigned Portal: https://portal.ccs.miami.edu
The new CCS Portal home page showcases up-to-date information about our clusters. Click the title for more details.

Pegasus Linux User Guides

Advanced Computing Pegasus Linux User Guides contain introductory information about interacting with the CentOS operating system on the Pegasus supercomputer. Access specific topics by clicking the arrows next to menu items and search all documentation pages with the search bar.

Linux on Pegasus

Pegasus is currently running the CentOS 6.5 operating system, a distribution of Linux. Linux is a UNIX-like kernel, though in this document it will generally refer to the entire CentOS distribution. The three basic components of UNIX-like operating systems are the kernel, shell, and system programs. The kernel handles resource management and program execution. The shell interprets user commands typed at a prompt. System programs implement most operating system functionalities such as user environments and schedulers.

Everything in Linux is either a file (a collection of data) or a process (an executing program). Directories in Linux are types of files.

In the below examples, username represents your CCS Account.

Navigating Pegasus with the Linux Shell

The shell is command-line interface (CLI), a type of user interface that interprets commands typed at a prompt. The default shell on Pegasus is Bash.

Users send commands to the shell, which runs them and outputs results. Commands can include options (or flags) to modify output and arguments to specify command targets. In Bash, command history can be accessed from the prompt with up and down arrow keys – use this to repeat a previously issued command.

Below are some useful Linux shell commands with explanations and examples. Recall that Linux is case-sensitive— “name” is distinct from “NAME” and other capital and lower-case combinations (“Name”, “nAMe”, etc.). To cancel a process and return to the prompt in Linux, press CTRL-C in Windows or Command-C in Mac.

View your current shell with echo:

The echo command displays a line of text. In Linux, $ denotes a variable. The $SHELL environment variable contains your current shell. To view the contents of this variable, send it to the echo command. Variables will be interpreted by the command even when inside lines of text, as shown below.

[username@pegasus ~]$ echo $SHELL
/bin/bash
[username@pegasus ~]$ echo "My shell is $SHELL"
My shell is /bin/bash

View all environment variables with env:

To view all your environment variables, use the env command. To view this list alphanumerically, use env | sort.

[username@pegasus ~]$ env
MODULE_VERSION_STACK=3.2.10
LC_PAPER=en_US.utf8
HOSTNAME=login4
SHELL=/bin/bash
...
[username@pegasus ~]$ env | sort
...

View your current directory with pwd:

Directories in Linux are similar to folders in other operating systems. Your home directory is the default location after login. The shortcut for home in Bash is the tilde (~), shown below just before the prompt ($). pwd outputs the absolute path, the unique location starting from the topmost, or root, directory (/).

[username@pegasus ~]$ pwd
/nethome/username

View the contents of a directory with ls:

Entering the ls command without arguments (as shown below) lists the contents of the current directory. If this is your first connection to Pegasus, your home directory may be empty. Directories can be distinguished from files by the leading d in file permissions.

[username@pegasus ~]$ ls 
example_file1  example_file2  testdir1

To view the contents of a specific directory, send the path as an argument to ls. In this example the current directory is home, which contains testdir1. As shown in the output, testdir1 contains one file: testdir1_file1

[username@pegasus ~]$ ls testdir1
testdir1_file1

Note that you can press the TAB key on your keyboard to auto-complete names. If there are multiple matches, a list of options will be shown. Type the next letter and press TAB again until tab-complete finishes.

Command details and flag information can be found in the Linux manual pages, accessible via the command line:

[username@pegasus ~]$ man topic or command

Press SPACE to see the next set of lines. To scroll, use the arrow keys or Page Up and Page Down. To exit, type q.

ls can be run with options, or flags, to customise output. For example, view more detailed information such as file permissions using the -lh flags.

[username@pegasus ~]$ ls -lh
total 0
-rw-r--r-- 1 username ccsuser  54  example_file1
-rw-r--r-- 1 username ccsuser 476  example_file2
drwxr-xr-x 2 username ccsuser 512  testdir1
...

The flags on this ls -lh command:

  • -l long list format (includes permissions, owner, and more)
  • -h human readable filesize format (useful for larger file sizes)

Other useful ls flags:

  • -a include hidden files *
  • -d list properties of a directory itself, not the contents
  • -1 (number 1) one result per line
  • -R recursively list subdirectory contents
  • -S sort by file size
  • -X sort alphanumerically by extension
  • -m comma-separated list

* Hidden files include the . and .. directories, which represent the current and parent (respectively). These can be used as shortcuts in relative paths:

[username@pegasus testdir1]$ ls -a
.  ..  testdir1_file1
[username@pegasus testdir1]$ ls ..
example_file1  example_file2  testdir1

Navigate to directories with cd:

This command changes your current directory to the path specified, which can be absolute, starting with /, or relative, starting from the current directory.

[username@pegasus ~]$ cd testdir1
[username@pegasus testdir1]$

Some useful cd commands:

  • cd or cd ~ move to user’s home directory
  • cd .. move to parent directory
  • cd - move to previous working directory

View directory contents with tree:

Pegasus has the tree package installed, which recursively outputs a depth-indented list of contents. This may be more helpful than ls for nested directories.

[username@pegasus ~]$ tree -vC
.
|-- example_file1
|-- example_file2
|-- testdir1
    `-- testdir1_file1

1 directory, 3 files

The flags on this tree -vC command:

  • -v sort alphanumerically by type
  • -C colorise output

Other useful tree flags:

  • -a include hidden files
  • -d list directories only
  • -r sort reverse alphanumerically
  • -L number descend only number levels deep

Check command availability and location with which:

The which command returns the full path of any shell commands registered in the current environment by searching locations in the $PATH environment variable. Use which to check command and software availability and location.

[username@pegasus ~]$ which bash
/bin/bash
[username@pegasus ~]$ which vim
/usr/bin/vim
[username@pegasus ~]$ which python
/share/opt/python/2.7.3/bin/python

Back to Top

Interacting with files on Linux

Make directories with mkdir:

This command creates new, empty directories.

[username@pegasus ~]$ mkdir testdir2
[username@pegasus ~]$ ls
example_file1  example_file2  testdir1  testdir2

Multiple directories can be created at the same time, as can directory hierarchies:

[username@pegasus ~]$ mkdir firstdir seconddir
[username@pegasus ~]$ ls
example_file1  example_file2  firstdir  secondir  testdir1  testdir2

[username@pegasus ~]$ mkdir -pv level1/level2/level3
mkdir: created directory `level1'
mkdir: created directory `level1/level2'
mkdir: created directory `level1/level2/level3'
[username@pegasus ~]$ ls
example_file1  example_file2  firstdir  level1  seconddir  testdir1  testdir2
[username@pegasus ~]$ ls level1
level2

The flags on this mkdir -pv command:

  • -p make parent directories as needed
  • -v print a message for each created directory

If a directory already exists, mkdir will output an error message:

[username@pegasus ~]$ mkdir testdir1
mkdir: cannot create directory `testdir1': File exists

Remove directories with rmdir:

Directories must be empty for rmdir to remove them.

[username@pegasus ~]$ rmdir firstdir seconddir
[username@pegasus ~]$ ls
example_file1  example_file2  level1  testdir1  testdir2

[username@pegasus ~]$ rmdir testdir1 level1
rmdir: failed to remove `testdir1': Directory not empty
rmdir: failed to remove `level1': Directory not empty
[username@pegasus ~]$ ls testdir1 level1
level1:
level2

testdir1:
testdir1_file1

The individual directories in the above example are empty. The top level of the hierarchy in the above example is not empty, neither is testdir1. To remove directories that are not empty, see rm.

Remove files and directories with rm:

There is no ‘recycle bin’ on Pegasus. Removing files with rm is permanent and cannot be undone.

[username@pegasus ~]$ rm -v example_file3
removed `example_file3'
[username@pegasus ~]$ ls
example_file1  example_file2  level1  testdir1  testdir2

The flag on this rm -v command:

  • -v print a message for each removed file or directory

Because directories are types of files in Linux, rm can be used with the recursive flag to remove directories. Recall that rm in Linux is permanent and cannot be undone. Without the recursive flag, rm on a directory will produce an error as shown below.

[username@pegasus ~]$ rm level1
rm: cannot remove `level1': Is a directory
[username@pegasus ~]$ rm -rv level1
removed directory: `level1/level2/level3'
removed directory: `level1/level2'
removed directory: `level1'

The flags on this rm -rv command:

  • -r remove directories and their contents recursively
  • -v print a message for each removed file or directory

View file contents with cat:

cat reads file contents into standard output, typically the display. This is best used for small text files.

[username@pegasus ~]$ cat example_file1
This is example_file1.
It contains two lines of text.
[username@pegasus ~]$ cat -nE example_file1
     1	This is example_file1.$
     2	It contains two lines of text.$

Flags used in this command for cat:

  • -n number all output lines
  • -E display $ at the end of each line

Other useful flags:

  • -b number non-empty output lines

When no file is given, cat reads standard input (typically from the keyboard) then outputs contents (typically the display). Press CTRL-D (Windows) or Command-D (Mac) to return to the prompt.

[username@pegasus ~]$ cat
No file was given- cat reads standard input from the keyboard and will output this to the display.                              
No file was given- cat reads standard input from the keyboard and will output this to the display.
CTRL-D or Command-D
[username@pegasus ~]$ 

This feature can be used to create files.

Create files with cat and redirection:

Redirection operators in Linux send output from one source as input to another. > redirects standard output (typically the display) to a file. Combine cat with > to create a new file and add content immediately.

[username@pegasus ~]$ cat > example_file3
This is example_file3.
These lines are typed directly into the file.
Press CTRL-D (Windows) or Command-D (Mac) to return to the prompt.
CTRL-D or Command-D
[username@pegasus ~]$ cat example_file3
This is example_file3.
These lines are typed directly into the file.
Press CTRL-D (Windows) or Command-D (Mac) to return to the prompt.

Note that the > operator overwrites file contents. To append, use the append operator: >>

[username@pegasus ~]$ cat >> example_file3
This is an appended line.
CTRL-D or Command-D
[username@pegasus ~]$ cat example_file3
This is example_file3.
These lines are typed directly into the file.
Press CTRL-D (Windows) or Command-D (Mac) to return to the prompt.
This is an appended line.

Linux output redirection operators:

  • > overwrite standard output a file
  • >> append standard output to a file

View file contents with head and tail:

For longer text files, use head and tail to restrict output. By default, both output 10 lines – head the first 10, tail the last 10. This can be modified with numerical flags.

[username@pegasus ~]$ head example_file2
This is example_file2.  It contains 20 lines.  
This is the 2nd line.
This is the 3rd line.
This is the 4th line.
This is the 5th line.
This is the 6th line.
This is the 7th line.
This is the 8th line.
This is the 9th line.
This is the 10th line.
[username@pegasus ~]$ head -3 example_file2
This is example_file2.  It contains 20 lines.  
This is the 2nd line.
This is the 3rd line.

[username@pegasus ~]$ tail -4 example_file2
This is the 17th line.
This is the 18th line.
This is the 19th line.
This is the 20th line, also the last.

Rename and Move with mv:

Moving and renaming in Linux uses the same command, thus files can be renamed as they are moved. In this example, the file example_file1 is first renamed using mv and then moved to a subdirectory (without renaming).

[username@pegasus ~]$ mv example_file1 example_file0
[username@pegasus ~]$ ls
example_file0  example_file2  testdir1  testdir2
[username@pegasus ~]$ mv example_file0 testdir1/
[username@pegasus ~]$ ls testdir1
example_file0  testdir1_file1

In this example, the file example_file0 is moved and renamed at the same time.

[username@pegasus ~]$ mv -vn testdir1/example_file0 example_file1
`testdir1/example_file0' -> `example_file1'
[username@pegasus ~]$ ls
example_file1  example_file2  testdir1  testdir2

The flag on this mv -vn command:

  • -v explain what is being done
  • -n do not overwrite and existing file

Note that when mv is used with directories, it is recursive by default.

[username@pegasus ~]$ mv -v testdir1 testdir2/testdir1
`testdir1' -> `testdir2/testdir1'
[username@pegasus ~]$ ls -R testdir2
testdir2:
testdir1

testdir2/testdir1:
testdir1_file1

The file inside tesdir1 moved along with the directory.

Copy with cp:

File and directory copies can be renamed as they are copied. In this example, example_file1 is copied to example_file0.

[username@pegasus ~]$ cp example_file1 example_file0
[username@pegasus ~]$ cat example_file0
This is example_file1.
It contains two lines of text.

The contents of the copied file are the same as the original.

cp is not recursive by default. To copy directories, use the recursive flag -R.

[username@pegasus ~]$ cp -Rv testdir2 testdir2copy
`testdir2' -> `testdir2copy'
`testdir2/testdir1' -> `testdir2copy/testdir1'
`testdir2/testdir1/testdir1_file1' -> `testdir2copy/testdir1/testdir1_file1'
[username@pegasus ~]$ ls
example_file0  example_file1  example_file2  testdir2  testdir2copy

The flags on this cp -Rv command:

  • -R copy directories recursively
  • -v for verbose, explain what is being done

Other useful flags:

  • -u (update) copy only when source is newer, or destination is missing
  • -n do not overwrite an existing file
  • -p preserve attributes (mode, ownership, and timestamps)

Edit files with vi:

vi is a modal text editor available on Pegasus and most Linux systems. It can be launched with the command vi (plain) or vim (syntax-highlighted based on file extension). vi has two main modes: Insert and Command.

  • Command mode:  searching, navigating, saving, exiting, etc.
  • Insert mode:  inserting text, pasting from clipboard, etc.

vi launches in Command mode by default. To enter Insert mode, type i on the keyboard. Return to Command mode by pressing ESC on the keyboard. To exit and save changes, type :x (exit with save) or :wq (write and quit) on the keyboard while in Command mode (from Insert mode, type ESC before each sequence).

In the example below, the arrow keys are used to navigate to the end of the first line. i is pressed to enter Insert mode and the file name on line 1 is changed. Then ESC:x is entered to change to Command mode and exit saving changes.

[username@pegasus ~]$ vi example_file0
...
This is example_file0.
It contains two lines of text.
~  
~ 
~ 
~ 
"example_file0" 2L, 54C    
:x
[username@pegasus ~]$ cat example_file0
This is example_file0.
It contains two lines of text.

Some vi tutorials and commands:

View file contents by page with more and less:

Pager applications provide scroll and search functionalities, useful for larger files. Sets of lines are shown based on terminal height. In both more and less, SPACE shows the next set of lines and q quits. more cannot scroll backwards. In less, navigate with the arrow keys or Page Up and Page Down, and search with ? (similar to man pages).

[username@pegasus testdir1]$ less testdir1_file1
...
This is tesdir1_file1.  It contains 42 lines.  
02
03
04
05
06
07
: SPACE or Page Down
36
37
38
39
40
41
42
(END)  q
[username@pegasus testdir1]$ 

Back to Top

File Permissions on Linux

File permissions control which users can do what with which files on a Linux system. Files have three distinct permission sets:  one for the user who owns the file (u), one for the associated group (g), and one for all other system users (o). Recall that directories are types of files in Linux.
As policy, CCS does not alter user files.

To view file permissions, list directory contents in long listing format with ls -l. To check directory permissions, add the -d flag: ls -ld. Paths can be relative or absolute.

[username@pegasus ~]$ ls -l /path/to/directory/or/file
...
[username@pegasus ~]$ ls -ld /path/to/directory
...

Understanding File Permission Categories

Permissions are defined by three categories:

u : user (owner)
g : group
o : other

Each category has three permission types, which are either on or off:

r : read
w : write
x : execute

For a directory, x means users have permission to search the directory.

File and Directory Permission Examples:

mydir contains two files. The owner (u) has read and write (rw) permissions, members of ccsuser (g) have read (r) permissions, and all other users (o) have read (r) permissions.

[username@pegasus ~]$ ls -l /nethome/username/mydir
total 0
-rw-r--r-- 1 username ccsuser myfile.txt
-rw-r--r-- 1 username ccsuser myfile2.txt

For the directory mydir, the owner (u) has read, write, and browse (rwx) permissions, members of ccsuser have read and browse (rx), and all other users (o) have read only (r).

[username@pegasus ~]$ ls -ld /nethome/username/mydir
drwxr-xr-- 2 username ccsuser /nethome/username/mydir

Decimal representation

Permissions can also be represented with 3 decimal numbers, corresponding to the decimal representation of each category’s binary permissions. Decimal representation can be used when changing file permissions.

myfile.txt has the following binary and decimal permissions:

-rw- r-- r-- 1 username ccsuser myfile.txt
 110 100 100
   6   4   4

 -  : this file is not a directory
rw- : u - username (owner) can read and write
r-- : g - members of ccsuser can read only
r-- : o - other users can read only

mydir (a directory) has the following permissions:

drwx r-x --x 2 username ccsuser /nethome/username/mydir
 111 101 100
   7   5   4

 d  : this file is a directory
rwx : u - username (owner) can read, write, and execute 
r-x : g - members of ccsuser can read and execute 
--x : o - other users can execute (search directory)

Changing File Permissions in Linux

Use chmod to change the access mode of a file or directory. The basic syntax is chmod options file.

The 3 options are: category, operator, and permission (in order). Options can also be assigned numerically using the decimal value for each category (note that all three decimal values must be present and are assigned in category order – u, g, o).
Use the -R flag with chmod to apply permissions recursively, to all contents of a directory.

Categories for chmod:

u : user (who owns the file)
g : group
o : other
a : all categories (u, g, and o shortcut)

Operators for chmod:

= : assigns (overwrites) permissions
+ : adds permissions
- : subtracts permissions

Permissions for chmod:

r : read
w : write
x : execute 

Examples with chmod

Assign file owner (u) full permissions (rwx) on myfile.txt:

[username@pegasus mydir]$ chmod u=rwx myfile.txt
[username@pegasus mydir]$ ls -l myfile.txt
-rwxr--r-- 1 username ccsuser myfile.txt

Assign full permissions (7) for file owner, read and write (6) for members of ccsuser, and execute only (1) for others:

[username@pegasus mydir]$ chmod 761 myfile.txt
[username@pegasus mydir]$ ls -l myfile.txt
-rwx rw- --x 1 username ccsuser myfile.txt
 111 110 001
   7   6   1

Add for members of ccsuser (g) full permissions (rwx) on mydir and all files under mydir (-R flag):

[username@pegasus ~]$ chmod -R g+rwx mydir
[username@pegasus ~]$ ls -l mydir
total 0
-rw-rwxr-- 1 username ccsuser myfile2.txt
-rwxrwxr-- 1 username ccsuser myfile.txt
[username@pegasus ~]$ ls -ld mydir
drwxrwx--x 2 username ccsuser mydir

Remove for members of ccsuser (g) write permission (w) on mydir and all files under mydir (-R flag):

[username@pegasus ~]$ chmod -R g-w mydir
[username@pegasus ~]$ ls -l mydir
total 0
-rw-r-xr-- 1 username ccsuser myfile2.txt
-rwxr-xr-- 1 username ccsuser myfile.txt
[username@pegasus ~]$ ls -ld mydir
drwxr-x--x 2 username ccsuser mydir

Add for members of ccsuser (g) write permission (w) on mydir, directory only:

[username@pegasus ~]$ chmod g+w mydir
[username@pegasus ~]$ ls -ld mydir
drwxrwx--x 2 username ccsuser mydir
[username@pegasus ~]$ ls -l mydir
total 0
-rw-r-xr-- 1 username ccsuser  myfile2.txt
-rwxr-xr-- 1 username ccsuser  myfile.txt

Changing Group Ownership in Linux

Use chgrp to change the group ownership of a file or directory. The basic syntax is chgrp group file.

The file owner must be a member of the group. By default, chgrp does not traverse symbolic links.
Use the -R flag with chgrp to apply the group change recursively, to all contents of a directory.

Examples with chgrp

Change the group ownership of mydir to mygroup, directory only:

[username@pegasus ~]$ chgrp mygroup mydir
[username@pegasus ~]$ ls -ld mydir
drwxrwx--x 2 username mygroup mydir
[username@pegasus ~]$ ls -l mydir
total 0
-rw-r-xr-- 1 username ccsuser  myfile2.txt
-rwxr-xr-- 1 username ccsuser  myfile.txt

Change the group ownership of mydir and all files under mydir to mygroup (-R flag):

[username@pegasus ~]$ chgrp -R mygroup mydir
[username@pegasus ~]$ ls -ld mydir
drwxrwx--x 2 username mygroup mydir
[username@pegasus ~]$ ls -l mydir
total 0
-rw-r-xr-- 1 username mygroup  myfile2.txt
-rwxr-xr-- 1 username mygroup  myfile.txt

Back to Top

Access Control Lists

Access Control Lists (ACL) are available on Pegasus file systems. They allow file owners to grant permissions to specific users and groups. When combining standard Linux permissions and ACL permissions, effective permissions are the intersection (or overlap) of the two. cp (copy) and mv (move/rename) will include any ACLs associated with files and directories.

Getting ACL information

ACL permissions start the same as the standard Linux permissions shown by ls -l output.

Get ACL information with getfacl:
[username@pegasus ~]$ getfacl mydir
# file: mydir
# owner: username
# group: mygroup
user::rwx
group::rw-
other::--x

Initial ACL permissions on mydir match the standard permissions shown by ls -ld:

[username@pegasus ~]$ ls -ld mydir
drwxrw---x 2 username mygroup mydir

Setting ACL information

Once an ACL has been set for a file or directory, a + symbol will show at the end of standard Linux permissions.

Set ACL with setfacl -m (modify):

Set for user mycollaborator permissions rwx on mydir, directory only:

[username@pegasus ~]$ setfacl -m user:mycollaborator:rwx mydir

This will set an ACL for only the directory only, not any files in the directory.

[username@pegasus ~]$ ls -ld mydir
drwxrw---x+ 2 username mygroup mydir
[username@pegasus ~]$ getfacl mydir
# file: mydir
# owner: username
# group: mygroup
user::rwx
user:mycollaborator:rwx
group::rw-
mask::rwx
other::r--

Note the + symbol at the end of standard permissions, which indicates an ACL has been set. Also note the line user:mycollaborator:rwx in the getfacl mydir output.

Files within mydir remain unchanged (no ACL has been set). getfacl on these files returns standard Linux permissions:

[username@pegasus ~]$ setfacl -Rm user:mycollaborator:rwx mydir

This will set an ACL for the directory and all files in the directory.

[username@pegasus ~]$ ls -l mydir
total 0
-rwxrw-r--+ 1 username mygroup myfile2.txt
-rwxrw-r--+ 1 username mygroup myfile.txt

Note the + symbol after file permissions, indicating an ACL has been set. getfacl on these files returns ACL permissions:

[username@pegasus ~]$ getfacl mydir/myfile.txt
# file: mydir/myfile.txt
# owner: username
# group: mygroup
user::rwx
user:mycollaborator:rwx
group::rw-
mask::rwx
other::r--

Note the line user:mycollaborator:rwx for myfile.txt.

Recall that when combining standard Linux permissions and ACL permissions, effective permissions are the intersection of the two. If user (u) permissions are changed to rw-, the effective permissions for user:mycollaborator are rw- (the intersection of rwx and rw- is rw-).

[username@pegasus ~]$ chmod u=rw mydir/myfile.txt
[username@pegasus ~]$ getfacl mydir/myfile.txt
# file: myfile.txt
# owner: username
# group: mygroup
user::rw-
user:mycollaborator:rwx
group::rw-
mask::rwx
other::r--

Note the line user::rw-, indicating users do not have permission to execute this file.

Removing ACL information

Use setfacl to remove ACL permissions with flags -x (individual ACL permissions) or -b (all ACL rules).

Remove ACL permissions with setfacl -x:

This flag can remove all permissions, but does not remove the ACL.

Remove permissions for user mycollaborator on mydir, directory only:

[username@pegasus ~]$ setfacl -x user:mycollaborator mydir
[username@pegasus ~]$ getfacl mydir
# file: mydir
# owner: username
# group: mygroup
user::rwx
group::rw-
mask::rwx
other::--x
[username@pegasus ~]$ ls -ld mydir
drwxrwx--x+ 2 username mygroup mydir

Note user:mycollaborator:rwx has been removed, but mask::rwx remains in the getfacl output. In ls -ld output, the + symbol remains because the ACL has not been removed.

Remove all ACL rules with setfacl -b:

This flag removes the entire ACL, leaving permissions governed only by standard Linux file permissions.

Remove all ACL rules for mydir, directory only:

[username@pegasus ~]$ setfacl -b mydir
[username@pegasus ~]$ ls -ld mydir
drwxrwx--x 2 username mygroup mydir
[username@pegasus ~]$ getfacl mydir
# file: mydir
# owner: username
# group: mygroup
user::rwx
group::rwx
other::--x

Note the + symbol is gone from ls -ld output, indicating only standard Linux permissions apply (no ACL). The mask line is gone from getfacl output.

Remove all ACL rules for mydir, recursively (all contents):

[username@pegasus ~]$ setfacl -Rb mydir
[username@pegasus ~]$ ls -l mydir
total 0
-rwxrwxr-- 1 username mygroup myfile2.txt
-rwxrwxr-- 1 username mygroup myfile.txt

Note the + symbols are gone for the contents of mydir, indicating only standard Linux permissions apply (no ACLs).

For more information, reference the manual pages for getfacl and setfacl:  man getfacl and man setfacl.

Back to Top

Suggest Edit

Our online documentation is best viewed with a tablet or a computer.

Advanced Computing Pegasus Linux User Guides contain introductory information about interacting with the CentOS operating system on the Pegasus supercomputer. Access specific topics by clicking the arrows next to menu items and search all documentation pages with the search bar.

Return to Advanced Computing Documentation & User Guides.