Restrict user access to remote hosts

Even if your cluster restricts users from directly accessing remote hosts, they can still use lsrun, lsgrun, and ch to run tasks on specific remote hosts.

To prevent users from accessing specific remote hosts and let LSF control which remote hosts are being used, restrict access to the lsrun, lsgrun, and ch commands.

  1. Edit the lsf.conf file.
  2. Restrict user access to the lsrun and lsgrun commands by specifying the LSF_DISABLE_LSRUN parameter.

    LSF_DISABLE_LSRUN=Y

    LSF administrators still have access to lsrun and lsgrun.

  3. Reconfigure LIM and restart mbatchd on the master host to activate these changes.

    lsadmin reconfig

    badmin mdbrestart

  4. Restrict access to the ch commands by restricting the execution permissions of the ch binary in the LSF binary directories to the LSF administrators.

Only LSF administrators can run lsrun and lsgrun to launch tasks in remote hosts, and only LSF administrators can run ch to change the remote hosts on which a task runs.