Cluster Data Privacy (Admin Guide)
Practical Measures to increase Data Privacy on HPC Systems
Visibility of Jobs
Slurm can be configured with the PrivateData option which can take different arguments depending on which information should be restricted. A detailed list can be found at . This option has to be added to the slurm.conf and the slurmdbd.conf. For a HPC system the following choice is a good starting point:
Visibility of Data during a Job
Slurm job container () can be used to isolate the usage of /dev/shm and /tmp when nodes are shared between jobs.
The Slurmdbd support the automatic purging of data (events, jobs, reservations, job steps, usage) in the accounting database based on a time schedule with the options PurgeEventAfter, PurgeJobAfter, PurgeResvAfter, PurgeStepAfter, PurgeSuspendAfter, PurgeTXNAfter, and PurgeUsageAfter. Together with the archiving functionality and especially the ArchiveScript fine-grained purging can be realized.
Visibility of Processes
The visibility of processes of other users on the frontend nodes or compute nodes with options like hidepid (), ProtectProc and ProcSubset (). However, careful testing of services especially monitoring services is required to avoid side effects.
Visibility of Login Information
The access to files like /var/log/lastlog, /var/run/utmp, and /var/log/wtmp can be restricted to disable tools like who, last and lastlog.