The lsb.users file is used to configure user groups, hierarchical fairshare for users and user groups, and job slot limits for users and user groups. It is also used to configure account mappings in a MultiCluster environment.
The lsb.users file is stored in the directory LSB_CONFDIR/cluster_name/configdir, where LSB_CONFDIR is defined in lsf.conf.
Optional. Defines user groups.
The name of the user group can be used in other user group and queue definitions, as well as on the command line. Specifying the name of a user group in the GROUP_MEMBER section has exactly the same effect as listing the names of all users in the group.
The first line consists of two mandatory keywords, GROUP_NAME and GROUP_MEMBER. The USER_SHARES and GROUP_ADMIN keywords are optional. Subsequent lines name a group and list its membership and optionally its share assignments and administrator.
Each line must contain one entry for each keyword. Use empty parentheses () or a dash - to specify the default value for an entry.
Begin UserGroup
GROUP_NAME GROUP_MEMBER GROUP_ADMIN
groupA (user1 user2 user3 user4) (user5)
groupB (groupA user5) (groupA)
groupC (!) ()
End UserGroup
Begin UserGroup
GROUP_NAME GROUP_MEMBER USER_SHARES
groupB (user1 user2) ()
groupC (user3 user4) ([User3,3] [User4,4])
groupA (GroupB GroupC user5) ([User5,1] [default,10])
End UserGroup
A list of user names or user group names that belong to the group, enclosed in parentheses and separated by spaces.
User and user group names can appear on multiple lines because users can belong to multiple groups.
User groups may be defined recursively but must not create a loop.
(user_name | user_group ...) | (all) | (!)
Specify the following, all enclosed in parentheses:
User and user group names, separated by spaces. User names must be valid login names. To specify a Windows user account, include the domain name in uppercase letters (DOMAIN_NAME\user_name).
User group names can be LSF user groups defined previously in this section, or UNIX and Windows user groups. To specify a Windows user group, include the domain name in uppercase letters (DOMAIN_NAME\user_group).
The reserved name all specifies all users in the cluster.
An exclamation mark (!) indicates an externally-defined user group, which the egroup executable retrieves.
User group administrators are a list of user names or user group names that administer the jobs of the group members, enclosed in parentheses and separated by spaces.
A user group administrator is allowed to control any jobs of the members of the user group they administer. A user group administrator can also resume jobs stopped by the LSF administrator or queue administrator if the job belongs to a member of their user group.
A user group administrator has privileges equivalent to those of a job owner. A user group administrator can control any job belonging to member users of the group they administer.
To manage security concerns, you cannot specify the keyword ALL for any user group administrators.
Specify the following, all enclosed in parentheses:
User and user group names, separated by spaces. User names must be valid login names. To specify a Windows user account, include the domain name in uppercase letters (DOMAIN_NAME\user_name).
User group names can be LSF user groups defined previously in this section, or UNIX and Windows user groups. To specify a Windows user group, include the domain name in uppercase letters (DOMAIN_NAME\user_group).
You can specify a user group as an administrator for another user group. In that case, all members of the first user group become administrators for the second user group.
You can also specify that all users of a group are also administrators of that same group.
Users can be administrators for more than one user group at the same time.
Wildcard and special characters are not supported (for example: *, !, $, #, &, ~)
The reserved keywords ALL, others, default, allremote are not supported.
User groups with members defined with the keyword ALL are also not allowed as a user group administrator.
User groups and user groups administrator definitions cannot be recursive or create a loop.
Optional. Enables hierarchical fairshare and defines a share tree for users and user groups.
By default, when resources are assigned collectively to a group, the group members compete for the resources according to FCFS scheduling. You can use hierarchical fairshare to further divide the shares among the group members.
Enclose the list in parentheses, even if you do not specify any user share assignments.
Enclose each user share assignment in square brackets, as shown.
A single user (specify user_name). To specify a Windows user account, include the domain name in uppercase letters (DOMAIN_NAME\user_name).
Users in a group, individually (specify group_name@) or collectively (specify group_name). To specify a Windows user group, include the domain name in uppercase letters (DOMAIN_NAME\group_name).
Users not included in any other share assignment, individually (specify the keyword default@) or collectively (specify the keyword default).
By default, when resources are assigned collectively to a group, the group members compete for the resources on a first-come, first-served (FCFS) basis. You can use hierarchical fairshare to further divide the shares among the group members. When resources are assigned to members of a group individually, the share assignment is recursive. Members of the group and of all subgroups always compete for the resources according to FCFS scheduling, regardless of hierarchical fairshare policies.
number_shares—Specify a positive integer representing the number of shares of the cluster resources assigned to the user. The number of shares assigned to each user is only meaningful when you compare it to the shares assigned to other users or to the total number of shares. The total number of shares is just the sum of all the shares assigned in each share assignment.
Optional. If this section is not defined, all users and user groups can run an unlimited number of jobs in the cluster.
This section defines the maximum number of jobs a user or user group can run concurrently in the cluster. This is to avoid situations in which a user occupies all or most of the system resources while other users’ jobs are waiting.
User or user group for which job slot limits are defined.
Use the reserved user name default to specify a job slot limit that applies to each user and user group not explicitly named. Since the limit specified with the keyword default applies to user groups also, make sure you select a limit that is high enough, or explicitly define limits for user groups.
User group names can be the LSF user groups defined previously, and/or UNIX and Windows user groups. To specify a Windows user account or user group, include the domain name in uppercase letters (DOMAIN_NAME\user_name or DOMAIN_NAME\user_group).
Job slot limits apply to a group as a whole. Append the at sign (@) to a group name to make the job slot limits apply individually to each user in the group. If a group contains a subgroup, the job slot limit also applies to each member in the subgroup recursively.
If the group contains the keyword all in the user list, the at sign (@) has no effect. To specify job slot limits for each user in a user group containing all, use the keyword default.
Per processor job slot limit per user or user group.
Total number of job slots that each user or user group can use per processor. This job slot limit is configured per processor so that multiprocessor hosts will automatically run more jobs.
This number can be a fraction such as 0.5, so that it can also serve as a per-host limit. This number is rounded up to the nearest integer equal to or greater than the total job slot limits for a host. For example, if JL/P is 0.5, on a 4-CPU multiprocessor host, the user can only use up to 2 job slots at any time. On a uniprocessor machine, the user can use 1 job slot.
Per-user or per-group pending job limit. This is the total number of pending job slots that each user or user group can have in the system. If a user is a member of multiple user groups, the user’s pending jobs are counted towards the pending job limits of all groups from which the user has membership.
If ENFORCE_ONE_UG_LIMITS is set to Y in lsb.params and you submit a job while specifying a user group, only the limits for that user group (or any parent user group) apply to the job even if there are overlapping user group members.
Optional. Used only in a MultiCluster environment with a non-uniform user name space. Defines system-level cross-cluster account mapping for users and user groups, which allows users to submit a job from a local host and run the job as a different user on a remote host. Both the local and remote clusters must have corresponding user account mappings configured.
(user4@cluster2 user6@cluster2)
Begin UserMap
LOCAL REMOTE DIRECTION
user1 user2@cluster2 export
user3 user6@cluster2 export
End UserMap
Begin UserMap
LOCAL REMOTE DIRECTION
user2 user1@cluster1 import
user6 user3@cluster1 import
End UserMap
Cluster1 configures user1 to run jobs as user2 and user3 to run jobs as user6.
Cluster2 configures user1 to run jobs as user2 and user3 to run jobs as user6.
Variable configuration is used to automatically change LSF configuration based on time windows. You define automatic configuration changes in lsb.users by using if-else constructs and time expressions. After you change the files, reconfigure the cluster with the badmin reconfig command.
The expressions are evaluated by LSF every 10 minutes based on mbatchd start time. When an expression evaluates true, LSF dynamically changes the configuration based on the associated configuration statements. Reconfiguration is done in real time without restarting mbatchd, providing continuous system availability.