[I’m not a cryosparc user, I’m in IT]
we run our cryosparc systems only with local user accounts. We have a HPC on which we run CS v3.3.2 and a separate box with an install of CS v4.7.1. The v4 was a trial but it’s been getting a lot of use and is quickly morphing into a production system.
One of my users, with an account in each system, has been trying to transfer jobs from v3 to v4 but when they do they get permission errors.
"The CryoSparc3 exports folder:
/work/WorkCarriersC/dal50/20241002-AGC/CryoSparc/P112/exports
drwxrwxr-x. 3 cryosparc3 software 4096 May 23 07:48 exports
is owned by user cryosparc3 and group software. I (dal50) do not have write access.
The CryoSparc4 imports folder:
/work/WorkCarriersC/dal50/20241002-AGC/CryoSparc/CS-apc-project/imports
drwxrwxr-x. 2 21376 21376 4096 May 23 07:59
is owned by cryosparc4:cryosparc4d, which prevents me from importing jobs."
To get around this limitation, we have set the permissions on the relevant folder to 777. However, this isn’t optimum.
Is there any other advice out there? Many thanks
Welcome to the forum @MRC-MBU .
There are various alternatives to the unsafe 777
permissions.
In your specific situation.
- user
dal50
would not require write access, but read access on the “source” instance’s /work/WorkCarriersC/dal50/20241002-AGC/CryoSparc/P112/exports/
folder
- user would require write access to the destination instance’s
/work/WorkCarriersC/dal50/20241002-AGC/CryoSparc/CS-apc-project/imports/
or a subfolder like
/work/WorkCarriersC/dal50/20241002-AGC/CryoSparc/CS-apc-project/imports/dal50/
, to which user cryosparc4
would require read access.
Given suitable group definitions and memberships, carefully tuned permissions would need to be granted at most to a group, but not to “the world”. You may consider setting setgid
and a suitably configured group on the container directory that holds CryoSPARC project directories. You may additionally consider setting the sticky bit on directories that have group write permissions.
Please see the guide for a discussion and examples.
1 Like
Many thanks for your reply, we’ll have a go and try it out.
Cheers,
Eric Marcus