Project Sharing
Overview
Project Sharing is a feature of Posit Workbench that enables users to work together on RStudio Pro projects. When enabled, a project owner may select any number of other Posit Workbench users as project collaborators. Posit Workbench manages the permissions of files in the project to ensure that all collaborators can access them, enables multiple collaborators to edit a file simultaneously, and lets collaborators see who else is working inside a project with them.
Prerequisites
The use of EFS (Elastic File System) for project sharing directories within AWS is not supported due to the absence of access control lists (ACLs) on EFS. We recommend using a traditional NFSv3 or NFSv4 mount instead.
The following sections outline additional prerequisites that your file system must meet.
Access Control Lists
To use Project Sharing, the directories hosting the projects to be shared must be on a volume that supports Access Control Lists (ACLs). Posit Workbench uses ACLs to grant collaborators access to shared projects; ordinary file permissions are not modified.
Instructions for enabling ACLs vary by Linux distribution and filesystem type (see the Guide to enabling ACLs on Ubuntu or RedHat, for example). Posit Workbench supports both NFSv3 (POSIX compatible) and NFSv4 ACLs.
Project Sharing and NFS
If you plan to use Project Sharing with NFS-mounted volumes, there are several caveats you should be aware of.
We recommend mounting NFS without the
noac
mount option as it can impact performance significantly.We recommend tuning NFS caching with the
actimeo
mount option and a value somewhere between 0 and 2. Withactimeo=0
, caching is disabled for quicker shared project updating, but higher network usage. For values greater than 0, NFS caches file attributes for lower network usage, but larger values make it harder for users working simultaneously in a project to know whether they’re seeing each others’ latest changes. You will want to test which values give the right trade off for your environment and your users.Some features which automatically update when directory contents change will not update on NFS. For instance, users may need to manually refresh the Files pane to see new files added by collaborators.
ACL support on NFS is more complicated than ACL support on local file systems. Read ACLs on Linux NFS for a discussion of the issues; guidance for configuring specific NFS versions is provided below.
Determining NFS version
Project Sharing works with versions 3 and 4 of the NFS protocol. However, some additional configuration may be necessary depending on the NFS version and underlying filesystem. To determine your NFS client version, run the following command on your Posit Workbench instance:
$ nfsstat -m
You should see vers=3.0
in the output if you’re using NFSv3, and vers=4.0
if you’re using NFSv4. Extra Posit Workbench configuration is required for NFSv4 clients (see below).
NFSv3
To use NFSv3 access control lists, you will need to ensure that the filesystem is mounted with the acl
attribute, and modify /etc/fstab
if necessary to persist the attributes.
Note that many Linux distributions now have ACLs enabled by default in which case no special configuration is required. You can use the tune2fs
command to inspect the attributes with which your filesystem is mounted (user_xattr
and acl
are required for project sharing).
On most systems this is the default, so you need only ensure that noacl
is not present. It’s also necessary for the file system on the NFS server to itself be appropriately configured for ACL support; see the section above on Access Control Lists for guidance. Not all file servers that support the NFSv3 protocol also support POSIX compatible ACLs.
To test for POSIX compatible ACLs, you can use the setfacl
command as follows:
setfacl -m u:user2:x /home/user1/project
where /home/user1/project
is the full path to a directory owned by user1
, and user2
is another valid user on the system.
Because many Linux systems support POSIX compatible ACLs on the native filesystem, Posit Workbench uses them by default. You can also specify them explicitly as follows:
/etc/rstudio/rsession.conf
nfs-acl-version=nfsv3
NFSv4
Version 4 of the NFS protocol uses a very different permissions and ACL model from Version 3. Not all NFSv4 servers support or expose the NFSv4 ACL model, so check with the server administrator to determine whether the capability exists and/or can be enabled.
Testing for support
To test NFSv4 ACL support, you can use the nfs4_setfacl
command as follows:
nfs4_setfacl -a A::user2@domain:rax /home/user1/project
where /home/user1/project
is the full path to a directory owned by user1
, user2
is another valid user on the system, and domain
is your system’s user domain. Verify that this command succeeds, and that the new ACL entry for user2@domain
is visible when you retrieve it:
nfs4_getfacl /home/user1/project
This presumes that your environment supports using user/domain pairs as security principals. While most environments do, there are two different ways to specify security principals in NFSv4 ACLs: by user name and domain (preferred) or user ID. Posit Workbench can use either, but you’ll need to choose one appropriate for your network environment. If unsure, examine the output of the nfs4_getfacl
operation described above. The security principal (the part after e.g., A::
on each line) will be displayed as either a large integer (UID) or in username@domain
format.
Using user name and domain security principals
NFSv4 ACLs differ from NFSv3 ACLs in that they can associate a domain with each user named in the access control list. This is typically the same as the domain part of the machine’s host name, but can be any string that the NFSv4 client and server agree on. On Linux systems, the domain can be set in /etc/idmapd.conf
.
Tell Posit Workbench the NFSv4 domain you want to use as follows:
/etc/rstudio/rsession.conf
nfs-acl-version=nfsv4
nfs4-principal-type=username
nfs4-domain=mydomain.com
Using user ID security principals
In some environments, it may not be possible to resolve fully qualified user@domain
security principals on all of the nodes running Posit Workbench. This is common on e.g., Kubernetes nodes which are not domain-joined. In this case, it’s possible to use raw User ID (UID) values as security principals in the access control list. You can tell Posit Workbench to write raw UIDs as security principals in NFSv4 access control lists as follows:
nfs-acl-version=nfsv4
nfs4-principal-type=uid
User visibility
Projects can only be shared with users with provisioned local system accounts unless LDAP is used for local account provisioning.
The Posit Workbench user database is scanned to list Project Sharing users. This method of user scanning avoids making calls to the system to determine the available users, and prevents making queries to the system password database (such as LDAP). However, it only lists users who have previously logged in to Posit Workbench. To instead show all users on the server, set the following configuration to scan the system password database:
/etc/rstudio/rsession.conf
project-sharing-enumerate-server-users=1
When scanning via the system password database, if you’re using sssd with LDAP, you may need to enable user enumeration so that Posit Workbench can search the directory to create a list of users you can share a project with. To do this, set the following in your sssd.conf file:
[domain/<domainname>]
enumerate = true
Alternatively, the auth-required-user-group
setting can be used. This setting allows Posit Workbench to enumerate only the members of the named groups rather than the entire user directory. Therefore, if you cannot enable user enumeration on your LDAP provider, you can instead create a group containing all Posit Workbench users and supply it as the auth-required-user-group
.
You can read more about user enumeration in the sssd FAQ.
User display names
Inside a shared project, Posit Workbench displays a list of other user sessions that are active inside the shared project. In order to determine the name of each user, the following fields are examined; the first non-empty one will be used.
- The first record in the user’s GECOS field, representing the user’s full name.
- The user’s display username, as supplied by Proxied Authentication.
- The user’s system username.
Proxy settings
If you are running Posit Workbench with a proxy, you’ll need to make sure that your proxy is correctly configured to pass websocket connections through in order for all Project Sharing features to work. See the Running with a Proxy section for more on this.
Disabling Project Sharing
Project Sharing is enabled by default however you can disable it using the server-project-sharing
option, for example:
/etc/rstudio/rserver.conf
server-project-sharing=0