LC Policy for Use of /usr/gapps
This is a policy governing the use of the /usr/gapps subdirectory, available on LC production computing resources.
The /usr/gapps file system contain user-supported files that are shared with a number of users, such as applications codes, files used to execute these codes, and source codes maintained or used by a group of LC users.
While the first level of items in /usr/gapps (e.g., /usr/gapps/mydir) are created by LC staff, the contents of the files and subdirectories within /usr/gapps are maintained by LC customers, not LC staff. Users can request changes to items within the /usr/gapps file system by contacting the user who is responsible for (i.e., owner of) the /usr/gapps directory or file.
Request for New Files or Directories to Be Added to /usr/gapps
To request creation of a subdirectory or file in the /usr/gapps directory, the USER_GAPPS form (PDF) must be completed and signed by the requester. The requester must obtain the appropriate authorizing signatures. After the form is complete, send it to LC Customer Services (Hotline).
When the LC Customer Services receives /usr/gapps forms, the authorizations and information are verified and then Customer Services staff will create the requested /usr/gapps files or directories. The requester is then notified that the requested files or directories are ready for use.
If a collection of related files is required, we recommend that a subdirectory within /usr/gapps be requested. For example, the requester or owning group may maintain /usr/gapps/mydir, by creating further subdirectories and files within the mydir subdirectory.
/usr/gapps is a single central file system provided by an NFS server to all LC production systems. It is used by requesters or groups to share platform independent files, for example source code, makefiles, scripts used to execute a job, or data files. It may also be useful for software packages installed on multiple architectures (such as GNU packages).
/usr/gapps is NOT to be used as backup or archival storage, nor as a directory or file for one user to use. These directories provide a more appropriate alternative for group sharing than use of a single individual's home directory for sharing.
LC will control and own the top level of /usr/gapps files and subdirectories. The name and user ownership of top level files and directories (e.g., /usr/gapps/mydir) cannot be changed by the owner or members of the owning group.
Other attributes, such as group ownership and access permissions, may be changed by the owner or members of the owning group, who are responsible for insuring that no inappropriate access is allowed. The original group approver (signer of the USR_GAPPS form) will be made aware that the owner of the directory or files may modify group ownership and access permissions.
On the OCF, no world access permission is allowed without Associate Director approval (see OCF section below) and any unauthorized world permissions will be removed automatically.
Subdirectories and files within /usr/gapps/mydir can be added, deleted, and modified (including permissions) by the owner, and possibly by anyone in the owning group (depending on the access privileges).
World access permissions are not allowed for any file or directory in /usr/gapps, unless the UNIX World Permissions Exemption Form (see forms page for current download) has been completed and approved, and submitted to the LC Hotline. The requester must obtain signature approval from their Programmatic Associate Director. periodic scan enforces this policy.
All access to /usr/gapps and their subdirectories is limited to members of the us_cit group (via the ownership and access permissions set on those file systems). Within the /usr/gapps directories, access may be specified using the UNIX access permissions, e.g., by specifying access for owner, group or all members of us_cit group. The LC Customer Services staff automatically adds all United States citizens to the us_cit group.