Restrict user access to administration commands and log files

About this task

Log files may contain sensitive cluster information that need to be restricted to LSF administrators only. To restrict access to the LSF cluster log files, restrict the read/write permissions to all files in the log directory.

Cluster administrative tools (badmin and lsadmin) can only be used by LSF administrators. To provide an additional layer of security to prevent unauthorized administrator access to your LSF cluster, restrict the execution permissions for these commands.

Procedure

  1. Restrict access to the LSF cluster log files by restricting the read/write permissions of the log directory to the LSF administrators.
  2. Restrict access to the administrative tools by restricting the execution permissions of the badmin and lsadmin binaries in the LSF binary directories to the LSF administrators.
    Tip:

    You can also restrict access to other LSF commands by restricting the execution permissions of their respective binary files.

Results

Only LSF administrators can read the contents of the log directory or run cluster administration commands (badmin and lsadmin).

Parent topic: Secure your Platform LSF cluster