https://hpc-wiki.info/hpc/index.php?action=history&feed=atom&title=Admin_Cluster_Data_PrivacyAdmin Cluster Data Privacy - Revision history2026-05-26T11:16:48ZRevision history for this page on the wikiMediaWiki 1.35.9https://hpc-wiki.info/hpc/index.php?title=Admin_Cluster_Data_Privacy&diff=4954&oldid=prevRobert-schade-e757@uni-paderborn.de: Created page with "Cluster Data Priavcy<nowiki /> Cluster Data Privacy<nowiki /> {{DISPLAYTITLE:Cluster Data Privacy (Admin Guide)}}<no..."2022-10-27T06:21:41Z<p>Created page with "<a href="/hpc/Category:HPC-Admin" title="Category:HPC-Admin">Cluster Data Priavcy</a><nowiki /> <a href="/hpc/Category:HPC.NRW-Best-Practices" title="Category:HPC.NRW-Best-Practices">Cluster Data Privacy</a><nowiki /> {{DISPLAYTITLE:Cluster Data Privacy (Admin Guide)}}<no..."</p>
<p><b>New page</b></p><div>[[Category:HPC-Admin|Cluster Data Priavcy]]<nowiki /><br />
[[Category:HPC.NRW-Best-Practices|Cluster Data Privacy]]<nowiki /><br />
{{DISPLAYTITLE:Cluster Data Privacy (Admin Guide)}}<nowiki /><br />
<br />
== Practical Measures to increase Data Privacy on HPC Systems ==<br />
<br />
=== SLURM ===<br />
==== Visibility of Jobs ==== <br />
Slurm can be configured with the PrivateData option which can take different arguments depending on which information should be restricted. A detailed list can be found at [https://slurm.schedmd.com/slurm.conf.html]. This option has to be added to the slurm.conf and the slurmdbd.conf.<br />
For a HPC system the following choice is a good starting point:<br />
<pre><br />
PrivateData=accounts,users,usage,jobs,events<br />
</pre><br />
<br />
==== Visibility of Data during a Job ====<br />
Slurm job container ([https://slurm.schedmd.com/job_container.conf.html]) can be used to isolate the usage of /dev/shm and /tmp when nodes are shared between jobs. <br />
<br />
==== Accounting Data ====<br />
The Slurmdbd support the automatic purging of data (events, jobs, reservations, job steps, usage) in the accounting database based on a time schedule with the options PurgeEventAfter, PurgeJobAfter, PurgeResvAfter, PurgeStepAfter, PurgeSuspendAfter, PurgeTXNAfter, and PurgeUsageAfter. Together with the archiving functionality and especially the ArchiveScript fine-grained purging can be realized.<br />
<br />
=== Visibility of Processes ===<br />
The visibility of processes of other users on the frontend nodes or compute nodes with options like hidepid ([https://www.kernel.org/doc/html/latest/filesystems/proc.html#mount-options]), ProtectProc and ProcSubset ([https://www.freedesktop.org/software/systemd/man/systemd.exec.html]). However, careful testing of services especially monitoring services is required to avoid side effects.<br />
<br />
=== Visibility of Login Information ===<br />
The access to files like /var/log/lastlog, /var/run/utmp, and /var/log/wtmp can be restricted to disable tools like who, last and lastlog.</div>Robert-schade-e757@uni-paderborn.de