We have an environment of a few thousand users running applications on about 40 clusters ranging in size from 20 compute nodes to 98,000 compute nodes. Users on these systems generate massive files (sometimes > 1PB) controlled by traditional unix permissions (ACLs usually aren't available or practical due to the specialized nature of the filesystem).
We currently have a program called "give", which is a suid-root program that allows a user to "give" a file to another user when group permissions are insufficient. So, a user would type something like the following to give a file to another user:
> give username-to-give-to filename-to-give ...
The receiving user can then use a command called "take" (part of the give program) to receive the file:
> take filename-to-receive
The permissions of the file are then effectively transferred over to the receiving user.
This program has been around for years and we'd like to revisit things from a security and functional point of view.
Our current plan of action is to remove the bit rot in our current implementation of "give" and package it up as an open source app before we redeploy it into production.
Does anyone have another method they use to transfer extremely large files between users when only traditional unix permissions are available?