At HMS we do the same as Paul's cluster and specify the groups we want to have access to all our compute nodes, we allow two groups that represent our DevOps team and our Research Computing consultants to have access and then corresponding sudo rules for each group to allow different command sets to be run.

Here's an example of how /etc/security/access.conf could be configured:

We do this by adding groups/users to /etc/security/access.conf That
should grant normal ssh access assuming you still have pam_access.so
still in your sshd config. Note that if the user has a job on the node,
slurm will still shunt them into that job even with the access.conf
setting. So when the job ends the user's session will also end. However
if the user has no job on that node, then they can ssh as normal to that
host with out any problem.

-Paul Edmon-

On 7/8/2024 5:48 PM, Chris Taylor via slurm-users wrote:
> On my Rocky9 cluster I got this to work fine also-
>
> Added at the end of /etc/pam.d/sshd:
>
> account    sufficient    pam_listfile.so item=user sense=allow onerr=fail file=/etc/slurm/allowed_users_file
> account    required      pam_slurm_adopt.so
>
> I added a couple of usernames to /etc/slurm/allowed_users_file and they can SSH to the node without a job or allocation there.
>
> Chris
>
>> On 07/08/2024 2:07 PM PDT David Schanzenbach via slurm-users <slurm-users@lists.schedmd.com> wrote:
>>
>>
>> Hi Daniel,
>>
>>   Utilizing pam_access with pam_slurm_adopt might be what you are looking for?
>>   https://slurm.schedmd.com/pam_slurm_adopt.html#admin_access
>>
>>   Thanks,
>>   David
>>
>>

--
slurm-users mailing list -- slurm-users@lists.schedmd.com
To unsubscribe send an email to slurm-users-leave@lists.schedmd.com