The PNCE-Unix cluster introduces the concepts of distinct home space and group space for storing your files, departing from a number of previous clusters in the physics department. This differentiation may appear to be an arbitrary impediment to the use of the system, but it was done for sound reasons, and is the simplest way for all involved to meet certain requirements. While the distinction between the two classes of storage should be kept in mind, there are a number of tricks that can essentially eliminate the annoyances in using the new system on a day-to-day basis.
One reason for this division is that, as the use of computers became of greater and greater importance in the department, PCS was beginning to be presented with difficult questions regarding privacy. On most previous clusters in physics, users of the system belonged to a group that was part of the cluster, and their home directory came out of disk space bought by the group. That home directory contained research-related files, but it also contained personal files such as personal email. The problem was what should happen when someone in the group wanted access to files in the home directory of another member or former member of the same group. This is a particularly nasty dilemma when the owner of the files left the group in less than friendly circumstances. PCS wishes to respect the privacy of users, but also wishes to respect valid requests for access to research-related files. So a major motive for making two distinct spaces for the storage of files is to allow for two distinct privacy policies for files.
The PNCE-Unix cluster is also the first truly departmental cluster. It is intended to be an inclusive cluster, granting basic network access to all members of the department. Previous clusters only granted accounts to users in research groups which bought in to the cluster. Since the research groups bought disk space when they joined the cluster, the users were given space out of the research group's disk space. But in the PNCE-Unix cluster, everyone affiliated with the department gets an account, even if they do not belong to a research group which bought disk space.
Similarly, a person's membership in a research group is not eternal, especially for students who may work with several groups before settling down. Often, the group the user joined initially ended up footing the bill for the user's home directory even after they moved on to other groups, due to a combination of poor information flow between the group and PCS and the long queue of tasks for PCS staff.
Finally, the PNCE-Unix cluster was bought with departmental and research group funds in order to provide computing resources for members of the department to further the academic and research goals of the department. However, the growth in the popularity of the world-wide web and electronic mail has led to significant use of the systems for more personal purposes. Within the restrictions of the campus and departmental acceptable use policies, neither the department nor PCS objects to a reasonable amount of personal use of computing resources. Indeed, PCS maintains a web server for publishing personal web pages. However, the term reasonable is quite vague, and PCS has neither the man-power nor the inclination to start policing the directories of users in an attempt to determine what is research related and what is not. The existence of distinct quotas as provided in the separate group and home space model provides a simple quantified definition of the term reasonable: if it fits into your homespace without interfering with the operation of your account, it is probably reasonable (subject of course to other criteria as discussed in the department acceptable use policy).
Your homespace is where your home directory, the directory you are dropped in when you log onto the system, is located. It also generally includes your personal mail spool directory, and your personal web space. The homespace link above provides more information regarding its directory structure.
Your homespace is provided by the department, not the research group with which you work, if you work with one. The department supplies a modest homespace to everyone affiliated with the department. It is modest as it is really only intended to provide basic computer access and is not meant for use in research (your groupspace, provided by your research group, is supposed to fill that need). It is meant for your personal use, and therefore it is acceptable if you wish to use some of that space to put pictures of your pet, etc. on your web page. (Again, subject to other conditions in the departmental acceptable use policy. We also request that, since the pages will have the departmental IP address attached to them, a certain degree of tastefulness be observed so as not to reflect negatively upon the department and campus.)
You can find the status of your homespace quota with the command:
fs listquota ~
Indeed, you can use that command, replacing the tilde with the name of a directory or file, to find the usage of the quota on the volume containing the file, for either homespace or groupspace. Indeed, if you are uncertain as to whether a file is in homespace or groupspace, you can use the above command, replacing the tilde with the filename in question, to determine the answer. Files in your homespace will have a volume name (the first field of the second line of output) of the form h.SOMETHING..., where SOMETHING will normally be phys.USERNAME. Files in groupspace will have a volume name of the form d.phys.GNAME..., where GNAME is an abbreviation of the name of the research group. Note that in all the above commands, you can abbreviate listquota to lq.
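Because the volume prefix decides which privacy policy applies to a file, the check above can be scripted. This is an added example, not PCS code; the sample output, the user jdoe, the group abbreviation plasma and the helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PCS code). Parses `fs listquota` output as described above.

# Print the volume name: first field of the second line of the output on stdin.
volume_name() {
    awk 'NR == 2 { print $1 }'
}

# Map a volume name to its storage class using the prefixes given on the page.
classify_volume() {
    case "$1" in
        h.*)      echo homespace ;;
        d.phys.*) echo groupspace ;;
        *)        echo unknown ;;   # not AFS, or a volume this page does not cover
    esac
}

# For a d.phys.GNAME... volume, print GNAME (the third dot-separated field).
group_of_volume() {
    case "$1" in
        d.phys.*) printf '%s\n' "$1" | cut -d. -f3 ;;
        *)        return 1 ;;
    esac
}

# Live use on the cluster (hypothetical helper): where_is ~/work/results.dat
where_is() {
    classify_volume "$(fs listquota "$1" 2>/dev/null | volume_name)"
}

# Constructed sample output (user jdoe, group "plasma"; the numbers are made up).
SAMPLE_HOME='Volume Name                    Quota       Used %Used   Partition
h.phys.jdoe                   100000      42000   42%         61%'
SAMPLE_GROUP='Volume Name                    Quota       Used %Used   Partition
d.phys.plasma.jdoe           5000000    1200000   24%         61%'

for sample in "$SAMPLE_HOME" "$SAMPLE_GROUP"; do
    vol=$(printf '%s\n' "$sample" | volume_name)
    echo "$vol -> $(classify_volume "$vol")"
done
```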
If you belong to a research group, your group can provide you with a personal area in which to store files related to research. This space, often simply referred to as your groupspace, will be located under the research group's disk area with the pathname:
/group/GNAME/user/USERNAME
where GNAME is an abbreviation of your research group's name and USERNAME is your login name. Departmental administrative staff may also have groupspace, located as above with GNAME being phys-admin.
The existence of and quotas for personal groupspace are determined by the principal investigator of the group and/or certain members of the group designated to PCS by the principal investigator to handle matters concerning computing resources. The latter are hereafter referred to as group computing managers. Because your groupspace was provided by your research group for the purpose of furthering your research, it is intended for the storage of work-related files only. Although PCS does not currently actively monitor the usage of such space for its relatedness to research activities, the faculty in the group might.
This leads to the most significant difference, which is how privacy of files stored in the space is treated.
The following is a discussion of the difference of privacy rights for files located in home space versus group space. This basically means what happens when someone who does not have rights to view (or write) another user's file as far as the operating system is concerned appeals to PCS to get access to that file. Of equal importance to those who wish to restrict access to files is whether or not the operating system is restricting access to the file to other users. That depends on the setting of the access control list (ACL) for the directory the file resides in, and is a technical question rather than a policy and will not be discussed in this page. Please see our introduction to AFS page and its links for more information on AFS and ACLs in general. If you are concerned about the privacy of files in a specific case, also feel free to contact PCS.
Homespace is provided by the department for personal use. As such, PCS considers the contents of files stored on a user's homespace to be private and will not grant access to the files to anyone without either the user's consent or due process. I.e., PCS will not grant your thesis advisor access to files in your home directory without your consent, but will comply with court-issued warrants.
(As an aside, the default ACLs on your homespace reflect the above philosophy. Your home directory and mail spool give you (and systems staff) read/write access, but no access to anyone else. Your pub directory, where personal web pages are stored, grants read access to anyone in the world with an internet connection and appropriate software. Your backup directory protects your files with the same ACLs as they had in your primary space.)
Groupspace is provided by your research group (or the department if you are staff in the departmental administration) for use in your research/work. As such, the contents of all files stored in a group's groupspace (including those in your personal groupspace) are considered to be the property of the sponsoring group (or the department in the case of administrative staff). Therefore, the principal investigator of the group (or chair of the department in the case of the phys-admin group), or anyone designated by him, will be granted access by PCS to any file in the group's groupspace upon request.
(In another technical aside, the default ACLs on your personal groupspace again reflect this philosophy. Your personal groupspace, /group/GNAME/user/USERNAME, and its subdirectories are by default readable by everyone in your group to facilitate collaboration, and only you (and systems staff) have read/write access. However, the group managers for that group have also been given the right to change the ACLs on those files (though they have generally not been given explicit write permission, to reduce likelihood of accidental deletions, etc.))
The basic rule of thumb is as follows:
One complaint users have about the new groupspace is the inconvenience of typing the long pathname /group/GNAME/user/USERNAME every time they want to access their groupspace. One way to get around that is to use symbolic links. Symbolic links are a standard feature in Unixes, allowing you to put a special type of file in a directory that points to another file or directory. Properly used, they can make life much easier. (Indeed, the path /group/GNAME/user/USERNAME actually already uses symbolic links to some extent; the real path is actually much worse, /afs/glue.umd.edu/department/phys/groups/GNAME/user/USERNAME :)
I generally recommend that a user create a symbolic link from their home directory to their groupspace. You can do it with a command like the following:
ln -s /group/GNAME/user/USERNAME ~/work
replacing GNAME and USERNAME with the group abbreviation and your login name, respectively. The above command creates a symbolic link named work in your home directory; you can name it something else if you wish as long as it doesn't conflict with an existing file in your home directory.
Once you make the symbolic link (and you only have to do it once; because the link is part of the filesystem, it is persistent between logins), you can basically pretend that your groupspace is just a subdirectory of your homespace. The following example will first change directory to your home directory, then copy the file workfile into your groupspace, then run a binary file myprog in your groupspace, and finally change directory to your groupspace.
cd ~
cp workfile work/workfile
./work/myprog
cd work
You may also wish to note that a tilde (~) when used at the beginning of a filepath is interpreted as your home directory. This was used a couple of times in the above commands. It also means that it really isn't worth creating the converse symbolic link from your groupspace to your home directory as you can just use the tilde (of course, you can create the symbolic link also if you really want to).
I would suggest if you are writing code that has paths to files in your groupspace inside it that you take the effort to expand them to the /group/GNAME/user/USERNAME... form, as that makes the code easier to share. (Other users will not by default be able to read your home directory to expand the symbolic link there, and if you use a tilde for your home directory, they will be looking at their home directory, not yours, which may have symbolic links pointing elsewhere.)
More advanced users can easily adapt the above to be an even better fit to their usage. For example, if you are working on data for an experiment located at
/group/GNAME/user/USERNAME/experiments/exp11/run45/data
you can issue the command
ln -s /group/GNAME/user/USERNAME/experiments/exp11/run45/data ~/data
to get what appears to be a data directory in your home directory. When after a few days you decide to move on to run number 46, you can then issue the commands
rm ~/data
ln -s ~/work/experiments/exp11/run46/data ~/data
The rm command, when given a symbolic link as an argument, deletes the link, not what the link points to. However, using the rm command on a file, even if there is a symbolic link in the path, will delete the file, so rm ~/data/ImportantData is dangerous. So in the above example, the directory ~/work/experiments/exp11/run45/data still exists. (A further note: if the argument of rm is a file, even if part of the pathname went through a symbolic link, the file gets deleted. So rm ~/data/bad.data actually deletes the file bad.data on your groupspace.) The second line above recreates the link, this time to another directory. Note that you can use the ~/work link in telling the ~/data link where to find its target.
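The rm-then-ln sequence above can be wrapped so that rm only ever runs on the link itself. This is an added example, not part of the original page; the function name retarget_link and the temporary paths in the demonstration are hypothetical.

```shell
#!/bin/sh
# Added example (not PCS code): switch a symbolic link to a new target while
# refusing to remove anything that is not itself a symbolic link.

# retarget_link LINK NEW_TARGET
#   returns 0 on success, 1 if LINK exists but is not a symlink,
#   2 if NEW_TARGET is not an existing directory.
retarget_link() {
    link=$1
    target=$2
    if [ ! -d "$target" ]; then
        echo "retarget_link: $target is not a directory" >&2
        return 2
    fi
    if [ -e "$link" ] || [ -L "$link" ]; then
        # "data/" (trailing slash) resolves to the target directory, so it
        # fails this test and is refused along with real files and directories.
        if [ ! -L "$link" ]; then
            echo "retarget_link: $link is not a symbolic link; refusing" >&2
            return 1
        fi
        rm -- "$link"          # removes the link, not what it points to
    fi
    ln -s -- "$target" "$link"
}

# Demonstration in a scratch directory (constructed layout mirroring run45/run46).
demo_retarget() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/run45/data" "$d/run46/data"
    echo "measurement" > "$d/run45/data/keep.dat"
    ln -s "$d/run45/data" "$d/data"
    retarget_link "$d/data" "$d/run46/data"
    rc=$?
    # The old run's file must survive and the link must point at run46.
    [ -f "$d/run45/data/keep.dat" ] || rc=1
    [ "$(readlink "$d/data")" = "$d/run46/data" ] || rc=1
    rm -rf "$d"
    return $rc
}

demo_retarget && echo "link retargeted, run45 data untouched"
```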
By default, your email is stored on your homespace. This is generally a good idea because email can often be rather private and/or personal. However, for some users who do a lot of correspondence related to work or research, the modest quota of your homespace makes this problematic. The current policy of splitting group and home space can handle that, but as they are more the exception than rule, some special handling is required.
There are several ways to deal with this problem, and the best solution depends on the details of the situation. To describe them, I have to define some terms about email and its storage. Most users have their email stored in two locations, some in each location. You have what is referred to as your inbox, which is stored in a special, personal mail spool directory (/user/username/mail). Most users also have a directory containing folders of read mail in the mail subdirectory of their home directory. Basically, your inbox is supposed to be where new mail is put and stays until you have a chance to read it, sort of like your mailbox in the departmental mail room. This is the folder which your mail client normally opens up when you first log on. Incoming mail accumulates in your inbox, and when you use your mail client to read mail, you should delete the junk and store the mail worth keeping in folders, just like you trash the junk mail that comes in your mail box and store the important stuff somewhere in your office. (Note: some mail clients, particularly Outlook in certain configurations, allow you to create multiple folders while still keeping all the mail in your inbox. This can complicate matters, and is beyond the scope of this document.)
Although it is possible to move one's inbox to groupspace, this is not recommended in most cases, and there are some technical issues (such as ensuring the mail server can write to the directory in question) which cause us to request that you submit a physhelp request if you think you might be interested in such. But generally because incoming mail might be personal, we advise other options be considered first. Note that because your inbox is generally in your homespace, you should not allow your homespace quota to be consumed or you will stop getting mail.
Since most people who have too much mail to store on the homespace have it separated into folders in their home directory, PCS advises them to move selected folders to their groupspace. Folders which are good to move are those which are work-related and not particularly personal. The process is a bit complicated, and we suggest that if you wish to do this you submit a physhelp request and PCS will take care of it. However, for those who wish to know what is being done, the procedure follows:
1. A mail subdirectory should be created in the user's personal groupspace. Although the directory is in groupspace, and subject to the privacy policy described above, email is generally a bit more personal so the default ACL should be changed so that others in the group cannot read the mail folders. (Group managers for the group of course can give themselves the ACL to do so, or request it from PCS.) The following commands do that:
mkdir /group/GNAME/user/USERNAME/mail
fs sa -dir /group/GNAME/user/USERNAME/mail -acl phys:phys-GNAME none phys:phys-GNAME-mgr la
fs sa -dir /group/GNAME/user/USERNAME/mail -acl system:phys-managers la
fs la -dir /group/GNAME/user/USERNAME/mail
Access list for /group/GNAME/user/USERNAME/mail is
Normal rights:
  phys:phys-GNAME-mgr la
  phys:phys-pcs-mgr la
  system:phys-managers la
  system:administrators la
  USERNAME rlidwka
2. The selected folders should be moved from the mail directory in the home directory to group space, e.g.
cd ~/mail
mv folder1 folder2 ... foldern /group/GNAME/user/USERNAME/mail
3. Symbolic links to the moved folders should then be created in the mail directory in the home directory:
cd ~/mail
ln -s /group/GNAME/user/USERNAME/mail/* ~/mail
The last two steps above should be repeated whenever you wish to move a new folder to your groupspace.
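After step 1 it is worth confirming that the ACL really matches the listing shown there. This is an added example, not PCS code; the function name audit_mail_acl, the user jdoe, the group plasma and the "before" listing (including its rl rights string) are constructed assumptions.

```shell
#!/bin/sh
# Added example (not PCS code): check an `fs la` listing for a mail directory.
# Live use:  fs la -dir /group/GNAME/user/USERNAME/mail | audit_mail_acl USERNAME

# audit_mail_acl OWNER   (reads `fs la` output on stdin)
# Prints each "Normal rights" entry other than OWNER that can read or modify
# files (AFS rights r, i, d, w) and returns 1 if any exists. Entries holding
# only "la" (lookup, administer), as in the listing in step 1, are accepted.
audit_mail_acl() {
    awk -v owner="$1" '
        /^Normal rights:/   { normal = 1; next }
        /^Negative rights:/ { normal = 0; next }
        normal && NF == 2 && $1 != owner && $2 ~ /[ridw]/ {
            print $1, $2
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed listing: the group can still read (rights "rl" are an assumption).
ACL_BEFORE='Access list for /group/plasma/user/jdoe/mail is
Normal rights:
  phys:phys-plasma rl
  phys:phys-plasma-mgr la
  system:administrators la
  jdoe rlidwka'

# The listing from step 1 with GNAME=plasma and USERNAME=jdoe filled in.
ACL_AFTER='Access list for /group/plasma/user/jdoe/mail is
Normal rights:
  phys:phys-plasma-mgr la
  phys:phys-pcs-mgr la
  system:phys-managers la
  system:administrators la
  jdoe rlidwka'

report() {
    if printf '%s\n' "$2" | audit_mail_acl jdoe; then
        echo "$1: only the owner can read or modify the mail folders"
    else
        echo "$1: the entries listed above expose the mail folders"
    fi
}
report before "$ACL_BEFORE"
report after "$ACL_AFTER"
```

Principals that hold the a (administer) right can still grant themselves access later, which is the behaviour the page describes for group managers.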