Controlling Access to Cluster Resources
By default, anyone who can log into the master node of the cluster can send a job to any compute node; this is not always desirable. You can use node ownership and mode to restrict the use of each node to a certain user or group.
What Node Ownership Means
Each node has user, group and mode bits assigned to it; these indicate who is allowed to run jobs on that node. The user and group bits can be set to any user ID or group ID on your system. In addition, the use of a node can be unrestricted by setting the user and group to "root".
For the BProc unified process space, the node permissions "root" and "any" are equivalent. Node user access follows the normal Linux convention, i.e., the most restrictive access rule is the one used. Following are a couple of examples:
user "root", group "test", mode 101 (u=1, g=0, o=1) — Users in the group "test" will not be able to access the node.
user "tester", group "root", and mode 011 (u=0, g=1, o=1) — The user "tester" will not be able to access the node.
 | In Linux systems, "other" is defined as anyone not listed in the user or group. |
Checking Node Ownership
You can display the current ownership of the nodes in your cluster by running the BeoSetup tool. Alternatively, run bpstat from the command line, as follows:
[root@cluster ~] # bpstat Node(s) Status Mode User Group 16-31 down ---------- root root 0-15 up ---x--x--x root root |
The "User" column shows the user for each node and the "Group" column shows the group for each node.
Setting Node Ownership
You can set node ownership with the bpctl command. Use the -S option to specify which node to change. Use either the -u option to change the user, -g option to change the group, or -m to change the mode. The only bit utilized for the mode is the execute bit. Following are some examples.
The following sets the user for node 5 to root:
[root@cluster ~] # bpctl -S 5 -u root
The following sets all the nodes to be in the group beousers:
[root@cluster ~] # bpctl -S all -g beousers
The following allows only the group beousers to access the nodes:
[root@cluster ~] # bpctl -S all -g beousers bpctl -S all -m 010
See the Reference Guide for additional details on bpctl.
Using bpctl does not permanently change the node ownership settings. Whenever the master node reboots or BeoSetup causes the BProc daemon to be restarted, the node ownership settings will revert to the settings stored in the cluster config file /etc/beowulf/config. To make permanent changes to these settings, you must edit this file. The Reference Guide provides details for the /etc/beowulf/config file.