PBS
The Permanent Backed-up Storage (PBS) is a shared filesystem that hosts:
users personal directories,
environment variable:
$HOME
default quota: 20 GiB
experiments THRONG directories,
environment variable:
$THRONG_DIR
default quota: 100 GiB
common software installed by CC-IN2P3.
The PBS service ensures a daily backup of all these data. These storage areas are accessible to both users connected to interactive servers and to jobs running on compute servers.
Users can ask for quota extensions on PBS if needed. To do so, please contact the user support.
The command fs4
allows, along with ACL management, to consult the storage quota and to retrieve information on the file system type on which a user is working, respectively with the options listquota
and filesystem
.
% fs4 help
fs4: Commands are:
acl help on access control list
domain list workstation's domain
filesystem display filesystem type
flush flush file from cache
listacl list access control list
listquota list volume quota
recsetacl recursively set access control list
setacl set access control list
version show version
Backup policy
Two backups on disk (snapshots) are run everyday on the HOME and THRONG storage areas.
Snapshots are taken twice a day (noon and midnight) and are kept for three months. They are accessible in each of the space sub-directories via the “.snapshot” sub-directory. For example, in directories $HOME/.snapshot
and $THRONG_DIR/.snapshot
, but also from $ HOME/<my directory>/.snapshot
. Snapshots are sorted by date and are read-only. With snapshots, users can easily recover files or their old versions.
Note
Please note that the directory .snapshot
is hidden and cannot be listed with ls -la
.
You may use the environment variable HOME_BACKUP
that points to /pbs/home/<u>/<username>/.snapshot
.
Manage ACL
General purpose of ACL in PBS
The PBS service provides permissions management for directories and files (access control list - ACL), both standard Unix and NFSv4. Most of the time, Unix rights are sufficient (manipulation with the command chmod
). To extend this Unix rights management, when for example several users or several groups must benefit from access permissions, the use of ACL NFSv4 is very useful.
Attention
The use of the command chmod
(Unix rights) on a file or a directory has the effect of deleting the NFSv4 ACLs possibly positioned.
Some editors (vi
and emacs
in particular) when used to modify the content of text files, reapply Unix ACLs, which has the effect of deleting any NFSv4 ACLs that may be set.
The different types of permissions supported by fs4
are available with the acl
option:
% fs4 acl
# Basic perms
a - administer, change the entries on the ACL
r - read-data (files) / list-directory (directories)
w - write-data (files) / create-file (directories)
x - execute (files) / change-directory (directories)
# Shortcuts
admin - shortcut for rwxa
read - shortcut for rx
write - shortcut for rwx
none - shortcut for removing all perms
List an ACL
The ACL related to a file or directory can obtained by the command:
% fs4 help listacl
fs4 listacl: list access control list
aliases: la
Usage: fs4 listacl [path] [-help]
Example for the HOME
directory of the user foo
that belongs to the group babar
group:
% fs4 listacl $HOME
Access list for /pbs/home/f/foo is
Normal rights:
foo rwxa
babar rx
Modify an ACL
To modify an ACL, run the command setacl
:
% fs4 help setacl
fs4 setacl: set access control list
aliases: sa
Usage: fs4 setacl <path> <grantee> <perms> [-help]
Where: path file or directory
grantee user, group or the keywords owner, group or everyone
perms shortcut or a combination of "r", "w", "x", "a"
Shortcuts: "admin" (rwxa), "write" (rwx), "read" (rx), "none"
To modify an ACL recursivly, run the command recsetacl
:
% fs4 help recsetacl
fs4 recsetacl: recursively set access control list
aliases: rsa
Usage: fs4 recsetacl <path> <grantee> <perms> [-help]
Where: path file or directory
grantee user, group or the keywords owner, group or everyone
perms shortcut or a combination of "r", "w", "x", "a"
Shortcuts: "admin" (rwxa), "write" (rwx), "read" (rx), "none"
Example
Considering a user foo
having a directory mydir
within the THRONG_DIR
of its group babar
, with the following ACL:
% fs4 listacl mydir/
Access list for mydir/ is
Normal rights:
foo rwxa
babar r-x-
everyone r-x-
To restrict the access to this directory only to the members of the babar
group:
% fs4 setacl mydir everyone none
% fs4 listacl mydir/
Access list for mydir/ is
Normal rights:
foo rwxa
babar r-x-
To give write access to the user bar
:
% fs4 setacl mydir bar write
% fs4 listacl mydir/
Access list for mydir/ is
Normal rights:
bar rwx-
foo rwxa
babar r-x-