Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
accounts:account_activation [2023/04/19 11:53] hans [Staff, Faculty, and Visitors] |
accounts:account_activation [2023/06/06 16:03] (current) hans [Slurm Queue Access] |
||
|---|---|---|---|
| Line 28: | Line 28: | ||
| **Note:** UCI Students that are not ICS majors must also go through this onboarding process in order to receive an ICS account. | **Note:** UCI Students that are not ICS majors must also go through this onboarding process in order to receive an ICS account. | ||
| + | |||
| + | |||
| + | |||
| + | ===== Account Access ===== | ||
| + | |||
| + | The following sections attempt to detail how access control is provided on ICS Systems. | ||
| + | |||
| + | ==== (Posix) Group ==== | ||
| + | |||
| + | === Provides Access To === | ||
| + | |||
| + | * Group readable files and directories | ||
| + | * Sudo commands are frequently assigned based on group members | ||
| + | * Docker on some systems. | ||
| + | |||
| + | === How to Grant Access === | ||
| + | |||
| + | User group membership can be set by Helpdesk staff via an [[group:support:accounts:howto_manage_accounts|internal account management tool.]] | ||
| + | |||
| + | Groups may be nested and membership in one group implies membership in any groups that contain said group. | ||
| + | |||
| + | |||
| + | ==== Netgroup and Host Access ==== | ||
| + | |||
| + | === Provides Access To === | ||
| + | |||
| + | * Host login access is permitted based on netgroup membership. | ||
| + | |||
| + | Access may be tested on many systems by running the `/usr/local/bin/testaccess <user>` command. | ||
| + | |||
| + | <code> | ||
| + | circinus-28# testaccess hans | ||
| + | Username Status | ||
| + | ---------------------------------------- | ||
| + | hans ACCESS PERMITTED | ||
| + | </code> | ||
| + | |||
| + | === How to Grant Access === | ||
| + | |||
| + | User netgroup membership can be set by Helpdesk staff via an [[group:support:accounts:howto_manage_accounts|internal account management tool.]] | ||
| + | |||
| + | Netgroups may be nested and membership in one netgroup implies membership in any netgroups that contain said netgroup. | ||
| + | |||
| + | ==== Groupleader ==== | ||
| + | |||
| + | Please see the [[accounts:gsu]] Groupleader Account for more details. | ||
| + | |||
| + | === Provides Access To === | ||
| + | |||
| + | * [[accounts:gsu|Shared group shell accounts]] via `sudo -u <groupleaderaccount> -s` | ||
| + | * [[accounts:mapping_network_drive|Share network drivers]] | ||
| + | |||
| + | === How to Grant Access === | ||
| + | |||
| + | User groupleader access can be provided by helpdesk staff using our [[group:support:accounts:howto_manage_accounts|internal account management tool.]] | ||
| + | |||
| + | The tool adds an equivalency attribute to the groupleader account POSIX account LDAP entry. | ||
| + | |||
| + | ==== Slurm Queue Access ==== | ||
| + | |||
| + | Slurm access is provide based on group membership and netgroup members. | ||
| + | |||
| + | Any member of the grad or ugrad group will automatically have a slurm accounts Use the `sacctmgr show user <username>` from any openlab host to confirm the account is present for <username>. | ||
| + | |||
| + | Any user that has a slurm account and is a member of a netgroup that can login to a host in the slurm queue may submit jobs to that queue. | ||
