PBS

The Permanent Backed-up Storage (PBS) is a shared filesystem that hosts:

  • users personal directories,

    • environment variable: $HOME

    • default quota: 20 GiB

  • experiments THRONG directories,

    • environment variable: $THRONG_DIR

    • default quota: 100 GiB

  • common software installed by CC-IN2P3.

The PBS service ensures a daily backup of all these data. These storage areas are accessible to both users connected to interactive servers and to jobs running on compute servers.

Users can ask for quota extensions on PBS if needed. To do so, please contact the user support.

The command fs4 allows, along with ACL management, to consult the storage quota and to retrieve information on the file system type on which a user is working, respectively with the options listquota and filesystem.

% fs4 help
fs4: Commands are:
acl             help on access control list
domain          list workstation's domain
filesystem      display filesystem type
flush           flush file from cache
listacl         list access control list
listquota       list volume quota
recsetacl       recursively set access control list
setacl          set access control list
version         show version

Backup policy

Two backups on disk (snapshots) are run everyday on the HOME and THRONG storage areas.

Snapshots are taken twice a day (noon and midnight) and are kept for three months. They are accessible in each of the space sub-directories via the “.snapshot” sub-directory. For example, in directories $HOME/.snapshot and $THRONG_DIR/.snapshot, but also from $ HOME/<my directory>/.snapshot. Snapshots are sorted by date and are read-only. With snapshots, users can easily recover files or their old versions.

Note

Please note that the directory .snapshot is hidden and cannot be listed with ls -la.

You may use the environment variable HOME_BACKUP that points to /pbs/home/<u>/<username>/.snapshot.

Manage ACL

General purpose of ACL in PBS

The PBS service provides permissions management for directories and files (access control list - ACL), both standard Unix and NFSv4. Most of the time, Unix rights are sufficient (manipulation with the command chmod). To extend this Unix rights management, when for example several users or several groups must benefit from access permissions, the use of ACL NFSv4 is very useful.

Attention

The use of the command chmod (Unix rights) on a file or a directory has the effect of deleting the NFSv4 ACLs possibly positioned.

Some editors (vi and emacs in particular) when used to modify the content of text files, reapply Unix ACLs, which has the effect of deleting any NFSv4 ACLs that may be set.

The different types of permissions supported by fs4 are available with the acl option:

% fs4 acl
# Basic perms
a - administer, change the entries on the ACL
r - read-data (files) / list-directory (directories)
w - write-data (files) / create-file (directories)
x - execute (files) / change-directory (directories)

# Shortcuts
admin - shortcut for rwxa
read  - shortcut for rx
write - shortcut for rwx
none  - shortcut for removing all perms

List an ACL

The ACL related to a file or directory can obtained by the command:

% fs4 help listacl
fs4 listacl: list access control list
aliases: la
Usage: fs4 listacl [path] [-help]

Example for the HOME directory of the user foo that belongs to the group babar group:

% fs4 listacl $HOME
Access list for /pbs/home/f/foo is
Normal rights:
foo     rwxa
babar   rx

Modify an ACL

To modify an ACL, run the command setacl:

% fs4 help setacl
fs4 setacl: set access control list
aliases: sa
Usage: fs4 setacl <path> <grantee> <perms> [-help]
Where:     path       file or directory
           grantee    user, group or the keywords owner, group or everyone
           perms      shortcut or a combination of "r", "w", "x", "a"
Shortcuts: "admin" (rwxa), "write" (rwx), "read" (rx), "none"

To modify an ACL recursivly, run the command recsetacl:

% fs4 help recsetacl
fs4 recsetacl: recursively set access control list
aliases: rsa
Usage: fs4 recsetacl <path> <grantee> <perms> [-help]
Where:     path       file or directory
           grantee    user, group or the keywords owner, group or everyone
           perms      shortcut or a combination of "r", "w", "x", "a"
Shortcuts: "admin" (rwxa), "write" (rwx), "read" (rx), "none"

Example

Considering a user foo having a directory mydir within the THRONG_DIR of its group babar, with the following ACL:

% fs4 listacl mydir/
Access list for mydir/ is
Normal rights:
  foo      rwxa
  babar    r-x-
  everyone r-x-

To restrict the access to this directory only to the members of the babar group:

% fs4 setacl mydir everyone none
% fs4 listacl mydir/
Access list for mydir/ is
Normal rights:
  foo      rwxa
  babar    r-x-

To give write access to the user bar:

% fs4 setacl mydir bar write
% fs4 listacl mydir/
Access list for mydir/ is
Normal rights:
  bar      rwx-
  foo      rwxa
  babar    r-x-