ARC System Changes: 2025-08

ARC systems will be offline for maintenance from 08:00AM on Monday, August 18, 2025 through 5:00PM Wednesday, August 20th, 2025. Most of the scheduled tasks are for regular software and system maintenance which are essential for stablity and system security, but are expected to be transparent to end users.

Changes ARC implements during this maintenance which will have an affect on end users are explained here:

Default umask changes from 022 to 007

Summary

The umask is used by the shell environment to determine the default modes (permissions) which are applied when a user creates a new file or directory. During this maintenance, ARC is updating the umask setting from 022 to 007.

This change is being made to improve collaboration on shared project storage among users in a group. With the changed umask, new files and folders created under /projects will be writeable by members of the group. This change will take effect during the August maintenance. New files and folders you create under /projects will be, by default:

  • User (owner): read & write (and execute for directories)

  • Group (members): read & write (and execute for directories)

  • Others: no permissions

Linux permissions overview

Below is an overview of Linux permissions, examples of common folder‐permission layouts, how to modify permissions/ownership, an FAQ, and a few additional recommendations.

  1. Basic Linux permissions Every file or directory on Linux has the following permissions:

  • Type: read (r), write (w), and execute (x)

  • Level: user (u), group (g), and others (o)

There are used to explicitly control who (user or group and others) can do what (read or write) on each file or directory. This is useful to manage varied types of permissions on different folders within the same /projects shared directory.

  1. New default umask and its effect

  • New umask 007 → new files 660, directories 770

  • Old umask 022 → new files 644, directories 755

So, when you create a file in a /projects directory with the new umask, e.g. touch /projects/project_123/foo.txt, its permissions will be -rw-rw---- (660), owned by you and the arc.project_123 group. Every member in the arc.project_123 group will be able to modify the foo.txt file.

Similarly, when you create a folder in a /projects directory with the new umask, e.g. mkdir /projects/project_123/bar, its permissions will be -rwxrwx--- (770), owned by you and the arc.project_123 group. Every member in the arc.project_123 group will be able to add and remove files from the bar directory.

If you wish to remove the writable permissions of the group on foo.txt you can use the command: chmod g-w /projects/project_123/foo.txt

  1. Common /projects folder layout examples Here are common examples for folders and permissions under /projects/project_123/ Read & write by everyone in the project (default behavior)

mkdir -p /projects/project_123/folder_read_write_everyone chmod 770 /projects/project_123/folder_read_write_everyone

Readable (but not writeable) by everyone in the project. Only the owner can add or remove files and subfolders

mkdir -p /projects/project_123/folder_readable_by_everyone chmod 750 /projects/project_123/folder_readable_by_everyone

Only readable & writable by the owner (e.g. user johndoe)

mkdir -p /projects/project_123/private_folder_johndoe chmod 700 /projects/project_123/private_folder_johndoe chown johndoe:johndoe /projects/project_123/private_folder_johndoe

Users and groups can create a hierarchy of folders with increasingly restricted permissions as needed by the research group.

  1. Other examples for changing permissions & ownership

  • Remove group write: chmod g-w file_or_folder

  • Add group write recursively: chmod -R g+rwX folder_name

  • Change group ownership recursively: chgrp -R arc.project_123 folder_name

  • Change owner & group: chown johndoe:arc.project_123 file_or_folder

FAQ

  1. Will existing files/folders be affected? No. This change only applies to new files and directories under /projects. To update existing objects, use chmod/chown manually (see examples above).

  2. Does this affect the visibility of my /home or /scratch files and directories? No. Despite the umask change, de facto privileges for /home and /scratch remain the same since those areas are intended for private user space. Files and folders under /home and /scratch are by default created with the user’s self group. Optionally, users can use chmod and chown to grant additional read/write permissions to other users/groups for files/folders on /scratch

  3. Can I retain the old default behavior? Yes. To revert to umask 022 for your login shell, you can configure it as part of your bash startup script: echo 'umask 022' >> ~/.bashrc

  4. What happens when I move (mv) files into /projects? The file keeps its original group owner. If you need it to belong to the project group, run: chgrp arc.project_123 moved_file_or_folder Note that mv preserves the original permissions and group.

Additional recommendations

Set setgid bit on shared directories:

chmod g+s /projects/project_123/shared_folder Ensures that new items added directly into this folder will inherit the directory’s group and also the setgid bit automatically.

Consider POSIX ACLs for finer control:

setfacl -m g:othergroup:rwX /path/to/dir

  • Especially useful when you need per‑user or per‑group rules beyond standard Unix bits.

  • Check your group membership: Use groups or id to verify you are in the correct project group.

  • Update scripts and workflows: If you have automated jobs that assume world‑readable output, please adjust them or explicitly chmod where needed.

  • Be mindful of sensitive data: With stricter “other” permissions, reduce the risk of accidental exposure of private data.

If you have questions or need assistance, please open a support ticket.