Server Security Settings

Overview of the Workload Manager server security settings that can be set for an HPC cluster.

Users See Other's Jobs

By default, users may only see their own jobs. However, administrators can give users permission to query the status of jobs owned by other users by enabling the Users See Other's Jobs setting.

Flat UID

Enabling this setting specifies that no extra authentication is necessary for a user across the HPC complex, including the submission node, headnode, and the execution nodes.

The value of this option also determines whether the .rhosts and hosts.equiv files are checked. These files list the hosts and users that are trusted by the local host. If this option is enabled, the .rhosts and hosts.equiv files are not queried, and among the users at host2, only UserA@host2 is treated as UserA@host1. If this option is disabled, the .rhosts and hosts.equiv files are queried. For example:

UserA@host1 has a job

UserB@host2 is in UserA@host1’s .rhosts

a. Flat UID is enabled: UserB@host2 cannot operate on UserA@host1's job

b. Flat UID is disabled: UserB@host2 can operate on UserA@host1's job

UserA@host1 submits a job

UserA@host2 is not in UserA@host1’s .rhosts

a. Flat UID is enabled: UserA@host2 can operate on UserA@host1’s job

b. Flat UID is disabled: UserA@host2 cannot operate on UserA@host1's job

Managers

Grant PBS Manager privileges to users. A Manager is authorized to use all restricted capabilities of PBS. A PBS Manager may act upon the server, queues, or jobs.

Operators

Grant PBS Operator privileges to users. Operators can manage the non-security-related attributes of PBS, for example by setting and unsetting non-security attributes of vnodes, queues, and the Server. Operators can also set queue ACLs.
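
A way to review these four settings on an existing cluster, as an added example that is not part of the product documentation. It assumes the settings correspond to the PBS server attributes query_other_jobs, flatuid, managers and operators as printed by qmgr -c "print server"; the sample output and host names are constructed.

```python
import re

# Constructed sample of `qmgr -c "print server"` output (not from a real cluster).
SAMPLE = """\
#
set server scheduling = True
set server managers = root@head01.example.org
set server managers += alice@*
set server operators = bob@head01.example.org
set server flatuid = True
set server query_other_jobs = True
"""

# Assumption: attributes are printed as "set server <name> = <value>" or "+=".
LINE = re.compile(r"^set server (\w+)\s*\+?=\s*(.+)$")

def parse_server_attrs(text):
    """Collect server attributes; '+=' lines and comma lists extend a list."""
    attrs = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # skips comments, blank lines and queue or node definitions
            values = [v.strip() for v in m.group(2).split(",") if v.strip()]
            attrs.setdefault(m.group(1), []).extend(values)
    return attrs

def is_true(attrs, name):
    """Boolean attributes default to False when they are not printed."""
    return attrs.get(name, ["False"])[-1].lower() in ("true", "t", "1", "y")

def audit(text):
    """Return (attribute, finding) pairs for the settings covered on this page."""
    attrs = parse_server_attrs(text)
    findings = []
    if is_true(attrs, "flatuid"):
        findings.append(("flatuid", "a username is treated as the same user on "
                         "every host; .rhosts and hosts.equiv are not queried"))
    if is_true(attrs, "query_other_jobs"):
        findings.append(("query_other_jobs", "users can query other users' jobs"))
    for role in ("managers", "operators"):
        for entry in attrs.get(role, []):
            if "*" in entry.partition("@")[2]:  # wildcard in the host part
                findings.append((role, f"{entry} is not pinned to a single host"))
    return findings

if __name__ == "__main__":
    for attr, finding in audit(SAMPLE):
        print(f"[review] {attr}: {finding}")
```

To run it against a live server, pass the captured output of the qmgr command to audit() in place of SAMPLE.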