File system access control lists

The Lustre file systems on COSMA have extended attribute support such that access control lists can be used for fine-grained control of file access.

By default, POSIX file system control is defined by user, group and world permissions, which can be read, write or execute.

To give a specific user read access to a file, you can use:

#for the user USER:
setfacl -m USER:r /path/to/file

Permissions can also be revoked, e.g.:

setfacl --modify=USER:--- /path/to/file

The getfacl command can be used to see current permissions.