Secondary analysis scripts should set permissions on created files in ProjectArchive

[Nicklas Nordborg]

This is related to #864.

Files generated on the project archive file server by secondary analysis scripts should by default only be readable/writable by the user. If a Case can be found that has Consent=Yes the permission on the generated files can be changed so that the group has read permission as well. Permissions on directories should follow the same pattern, but they also need "execute" permission.

After investigating the umask command (​https://en.wikipedia.org/wiki/Umask) it seems like this would be relatively simple by including just one line at the beginning of the script:

• umask 0077 or umask -S u=rwx,g=,o= if there is no consent
• umask 0027 or umask -S u=rwx,g=rx,o= if there is a consent

New files should then automatically be created with correct permissions.

[Nicklas Nordborg]

(In [3792]) References #863: Secondary analysis scripts should set permissions on created files in ProjectArchive

Added support in ScriptBuilder for setting umask -S u=rwx,g=,o= to to make sure files are created as private by default. All jobs should use this setting.

The DemuxJobCreator will try to load the parent case and check the consent. If it is set to Yes it will change to umask -S u=rwx,g=rx,o=.

[Nicklas Nordborg]

(In [3793]) References #863: Secondary analysis scripts should set permissions on created files in ProjectArchive

Added a utility method ScriptBuilder.setUmaskForItem() to make it easy to always include this in generated scripts.

The align and cufflinks jobs now also set the umask.

The job script and other files that are uploaded as input to the job (eg. bardcode files for the demux) are set to private (in StringSourceFile).

Stdout and stderr are still readable by everyone. I guess that is controller by the Open Grid and I haven't been able to find anything about any setting to change this.