File system access control lists

The Lustre file systems on COSMA have extended attribute support such that access control lists can be used for fine-grained control of file access.

By default, POSIX file system control is defined by user, group and world permissions, which can be read, write or execute.

To give a specific user read access to a file, you can use:

#for the user USER:
setfacl -m USER:r /path/to/file

Permissions can also be revoked, e.g.:

setfacl --modify=USER:--- /path/to/file

The getfacl command can be used to see current permissions.

Note, if using ACLs, you will need to remember they are present, as these do not show up using standard ls commands.