Hi, I just read about Globus data sharing capabilities for collaboration: https://wiki.hpc.odu.edu/Software/Globus/Data-Sharing

I have a number of students inside ODU that collaborate regularly with me. Can I take advantage of this Globus sharing to give read-write access to my lab mates at ODU to a specific directory?

Globus ignores UNIX permissions for shared files but can the UNIX permission still be applied to the actual “shared-dir”? i.e. If I create a Globus guess collection such /RC/group/MyResearchGroup/guestcollection1, and give open permission to the MyResearchGroup unix group for that directory, would the users of the group be able to add files? This is the main reason that we wanted a shared dir at ODU, so that students themselves and not just me, can share files when needed.

Short answer is: yes. But please be aware of the differences between collaboration on data using Globus and inside the HPC itself. There are two things at play here:

1. One is the Unix permissions, which govern user’s access rights to files and directories inside the HPC environment, while they are logged on using ssh or Open OnDemand.

2. the other is the access rights that people have when using Globus.

Depending where the students access the files, different rules would apply. Normally, these users want to work on the files on HPC, so you would want to create a shared-directory where people can collaborate. Please contact Research Computing Services for assistance. We will create this directory with the proper group ownership (technically: UNIX sgid bit) and add these students to the group. Then these students can work together on files by creating, editing and deleting files as appropriate in this shared-directory.

On top of this set up, if you want to encourage every student in you research group to use Globus for uploading and downloading files, as long as they are working on the shared-dir set up with the right Unix permission. (Due to technical constraints, this shared-dir need to reside in /RC) then you don’t need to create a “guest collection” to do that job. For ODU users, globus magically knows your HPC user id so it respects the underlying Unix permissions. In this way, you do not use the “guest collection” described in the wiki page linked in the original question.

Now enters Globus data sharing. This provides an interesting scenario where these students don’t have write and/or read access to a directory you own in the HPC environment, but somehow you can allow these students to access them via Globus. You do this by creating a guest collection pointing to shared-dir and assign the proper permissions to these students. You can add and remove people as you see fit yourself without system administrator’s help. But their extra access is given by Globus guest collection, and that doesn’t affect their permissions inside the HPC environment.

To reiterate: The Globus sharing option is generally good for collaboration with people outside of ODU who also do not have access to our HPC system. The Unix permission approach is good for collaboration inside the HPC environment.