Warning

The CRC will officially retire AFS in May, 2027, and the Panasas scratch file system, which hosts the /scratch365 directories, in June, 2026.

File Permissions Guide

It is critical to use permissions on a shared file system to ensure data security and privacy. Setting appropriate permissions can prevent accidental changes, e.g. file modification and deletion, and unauthorized access to files. Furthermore, special permissions can enable multi-user collaboration within directories.

POSIX permissions

Our storage supports the traditional POSIX (Portable Operating System Interface) standard, which has a simple yet powerful file system permission model. Each file and directory is associated with three sets of permissions that define the access for the owner, the owner group, and everyone else. Each of these sets may contain read, write and execute permissions.

NFSv4 ACLs

NFSv4 ACLs (Network File System version 4 Access Control Lists) provide finer granularity than the POSIX permissions and are very similar to AFS ACLs. Using these ACLs enables users to restrict access to files and directories for individual users and groups.

Note

We recommend that users use the standard POSIX permissions by default. Users should only switch to ACLs if they actually need the extra complexity.

Comparing POSIX and NFSv4 ACLs

| Feature | POSIX | NFSv4 ACLs |
|---|---|---|
| Complexity | Simple concepts, permissions set for owner, group and others | Granular, permissions can be defined for multiple users and groups |
| Permissions | read, write, execute, 3 special permissions | 14 different permissions, any combination can be used |
| Inheritance | Simple solution, permissions are not inherited, only the owner group | 4 different inheritance behaviors, permissions are also inherited |
| Tools | chown, chgrp, chmod | nfs4_setfacl, nfs4_getfacl |
| Use cases | For simple permission needs, e.g. giving read permission to a group | For complex permission needs, e.g. different permissions for different groups, special inheritance behavior |

Warning

NFSv4 ACLs take precedence over POSIX permissions.
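The simple use case from the table, giving one group read access to a directory tree with only chgrp and chmod, written out as an added example (not CRC-provided code). The function names are hypothetical, and it assumes no NFSv4 ACL is set on the tree, since ACLs take precedence over these bits.

```shell
#!/usr/bin/env bash
# Added example, not CRC code. GROUP must be a group you belong to.

# share_with_group DIR GROUP: give GROUP read-only access to DIR and
# everything under it, and remove all access for "others".
share_with_group() {
    local dir=$1 group=$2
    mkdir -p "$dir" || return 1
    # Hand the whole tree to the group.
    chgrp -R "$group" "$dir" || return 1
    # g+rX: group may read, and may traverse directories / run files that
    #       are already executable; g-w: no group writes;
    # o-rwx: nothing at all for everyone else.
    chmod -R g+rX,g-w,o-rwx "$dir" || return 1
    # setgid on directories: entries created later inherit the directory's
    # owner group (the only thing POSIX permissions inherit).
    find "$dir" -type d -exec chmod g+s {} + || return 1
}

# list_other_accessible DIR: print every path under DIR that "others" can
# still read, write or execute. No output means nothing is exposed.
list_other_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# mode_of PATH: the 10-character mode string from ls, e.g. drwxr-s---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Usage (path and group name are constructed placeholders):
#   share_with_group "$HOME/project" mylab
#   list_other_accessible "$HOME/project"
```

New files still get their permission bits from your umask, so a umask such as 027 keeps later additions readable by the group and closed to others.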

Additional documentation