Controlling Access to Cluster Resources

By default, anyone who can log into the master node of the cluster can send a job to any compute node; this is not always desirable. You can use node ownership and mode to restrict the use of each node to a certain user or group.

What Node Ownership Means

Each node has user, group and mode bits assigned to it; these indicate who is allowed to run jobs on that node. The user and group bits can be set to any user ID or group ID on your system. In addition, the use of a node can be unrestricted by setting the user and group to "root".

For the BProc unified process space, the node permissions "root" and "any" are equivalent. Node user access follows the normal Linux convention, i.e., the most restrictive access rule is the one used. Following are a couple of examples:

Tip

In Linux systems, "other" is defined as anyone not listed in the user or group.

Checking Node Ownership

You can display the current ownership of the nodes in your cluster by running the BeoSetup tool. Alternatively, run bpstat from the command line, as follows:

[root@cluster ~] # bpstat
Node(s)	Status	Mode		User	Group	
16-31	down	----------	root	root	
0-15	up	---x--x--x	root	root	

The "User" column shows the user for each node and the "Group" column shows the group for each node.

Setting Node Ownership

You can set node ownership with the bpctl command. Use the -S option to specify which node to change. Use either the -u option to change the user, -g option to change the group, or -m to change the mode. The only bit utilized for the mode is the execute bit. Following are some examples.

See the Reference Guide for additional details on bpctl.

Using bpctl does not permanently change the node ownership settings. Whenever the master node reboots or BeoSetup causes the BProc daemon to be restarted, the node ownership settings will revert to the settings stored in the cluster config file /etc/beowulf/config. To make permanent changes to these settings, you must edit this file. The Reference Guide provides details for the /etc/beowulf/config file.