lsb.users

The lsb.users file is used to configure user groups, hierarchical fairshare for users and user groups, and job slot limits for users and user groups. It is also used to configure account mappings in a MultiCluster environment.

This file is optional.

The lsb.users file is stored in the directory LSB_CONFDIR/cluster_name/configdir, where LSB_CONFDIR is defined in lsf.conf.

Changing lsb.users configuration

After making any changes to lsb.users, run badmin reconfig to reconfigure mbatchd.

UserGroup section

Optional. Defines user groups.

The name of the user group can be used in other user group and queue definitions, as well as on the command line. Specifying the name of a user group in the GROUP_MEMBER section has exactly the same effect as listing the names of all users in the group.

The total number of user groups cannot be more than 1024.

Structure

The first line consists of two mandatory keywords, GROUP_NAME and GROUP_MEMBER. The USER_SHARES and GROUP_ADMIN keywords are optional. Subsequent lines name a group and list its membership and optionally its share assignments and administrator.

Each line must contain one entry for each keyword. Use empty parentheses () or a dash - to specify the default value for an entry.

Restriction:

If specifying a specific user name for a user group, that entry must precede all user groups.

Examples of a UserGroup section

Example 1:
Begin UserGroup 
GROUP_NAME   GROUP_MEMBER              GROUP_ADMIN
groupA       (user1 user2 user3 user4) (user5[full])
groupB       (user7 user8 user9)       (groupA[usershares])
groupC       (groupA user5)            (groupA)
groupD       (!)                       ()
End UserGroup
Example 2:
Begin UserGroup 
GROUP_NAME   GROUP_MEMBER              GROUP_ADMIN
groupA       (user1 user2 user3 user4) (user5)
groupB       (groupA user5)            (groupA)
groupC       (!)                       ()
End UserGroup
Example 3:
Begin UserGroup 
GROUP_NAME   GROUP_MEMBER            USER_SHARES 
groupB       (user1 user2)           () 
groupC       (user3 user4)           ([User3,3] [User4,4]) 
groupA       (GroupB GroupC user5)   ([User5,1] [default,10]) 
End UserGroup

GROUP_NAME

An alphanumeric string representing the user group name. You cannot use the reserved name all or a "/" in a group name.

GROUP_MEMBER

User group members are the users who belong to the group. You can specify both user names and user group names.

User and user group names can appear on multiple lines because users can belong to multiple groups.

Note:

When a user belongs to more than one group, any of the administrators specified for any of the groups the user belongs to can control that user’s jobs. Limit administrative control by defining STRICT_UG_CONTROL=Y in lsb.params and submitting jobs with the -G option, specifying which user group the job is submitted with.

User groups may be defined recursively but must not create a loop.

Syntax

(user_name | user_group ...) | (all) | (!)

Enclose the entire group member list in parentheses. Use space to separate multiple names.

You can combine user names and user group names in the same list.

Valid values

  • all

    The reserved name all specifies all users in the cluster.

  • !

    An exclamation mark (!) indicates an externally-defined user group, which the egroup executable retrieves.

  • user_name

    User names must be valid login names.

    To specify a Windows user account, include the domain name in uppercase letters (DOMAIN_NAME\user_name).

  • user_group

    User group names can be LSF user groups defined previously in this section, or UNIX and Windows user groups.

    If you specify a name that is both a UNIX user group and also a UNIX user, append a slash (/) to make sure it is interpreted as a group (user_group/).

    To specify a Windows user group, include the domain name in uppercase letters (DOMAIN_NAME\user_group).

GROUP_ADMIN

User group administrators can administer the jobs of group members. You can specify both user names and user group names.

  • If you specify a user group as an administrator for another user group, all members of the first user group become administrators for the second user group.

  • You can also specify that all users of a group are also administrators of that same group.

  • Users can be administrators for more than one user group at the same time.

    Note:

    When a user belongs to more than one group, any of the administrators specified for any of the groups the user belongs to can control that user’s jobs. Define STRICT_UG_CONTROL=Y in lsb.params to limit user group administrator control to the user group specified by -G at job submission.

By default a user group administrator has privileges equivalent to those of a job owner, and is allowed to control any job belonging to member users of the group they administer. A user group administrator can also resume jobs stopped by the LSF administrator or queue administrator if the job belongs to a member of their user group.

Optionally, you can specify additional user group administrator rights for each user group administrator.

User group administrator rights are inherited. For example, if admin2 has full rights for user group ugA and user group ugB is a member of ugA, admin2 also has full rights for user group ugB.

Restriction:

Unlike a job owner, a user group administrator cannot run brestart and bread -a data_file.

To manage security concerns, you cannot specify user group administrators for any user group containing the keyword all as a member unless STRICT_UG_CONTROL=Y is defined in lsb.params.

Syntax

(user_name | user_name[admin_rights] | user_group | user_group[admin_rights] ...)

Enclose the entire group administrator list in parentheses. If you specify administrator rights for a user or group, enclose them in square brackets.

You can combine user names and user group names in the same list. Use space to separate multiple names.

Valid values

  • user_name

    User names must be valid login names.

    To specify a Windows user account, include the domain name in uppercase letters (DOMAIN_NAME\user_name).

  • user_group

    User group names can be LSF user groups defined previously in this section, or UNIX and Windows user groups.

    If you specify a name that is both a UNIX user group and also a UNIX user, append a slash (/) to make sure it is interpreted as a group (user_group/).

    To specify a Windows user group, include the domain name in uppercase letters (DOMAIN_NAME\user_group).

  • admin_rights

    • If no rights are specified, only default job control rights are given to user group administrators.

    • usershares: user group administrators with usershares rights can adjust user shares using bconf update.

    • full: user group administrators with full rights can use bconf to adjust both usershares and group members, delete the user group, and create new user groups.

      User group administrators with full rights can only add a user group member to the user group if they also have full rights for the member user group.

      User group administrators adding a new user group with bconf create are automatically added to GROUP_ADMIN with full rights for the new user group.

Restrictions

  • Wildcard and special characters are not supported (for example: *, !, $, #, &, ~)

  • The reserved keywords others, default, allremote are not supported.

  • User groups with the keyword all as a member can only have user group administrators configured if STRICT_UG_CONTROL=Y is defined in lsb.params.

  • User groups with the keyword all as a member cannot be user group administrators.

  • User group and user group administrator definitions cannot be recursive or create a loop.
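
Because group administrators expand through group membership and are inherited by member groups, the set of users who can control a group's jobs is often wider than the GROUP_ADMIN column suggests. The following audit script is an added example, not part of the LSF documentation or product: it parses a UserGroup section, computes the effective administrators of each group, and lists groups that contain all and name administrators. The group names, the sample section and the function names are constructed for illustration, and applying a bracketed right to every member of an administrator group is this example's reading of the rules above.

```python
import re

# Constructed sample modelled on the page's examples; not a real cluster config.
SAMPLE = """\
Begin UserGroup
GROUP_NAME  GROUP_MEMBER   GROUP_ADMIN
ugB         (user7 user8)  ()
ugA         (ugB user1)    (admin2[full] ops)
ops         (user5 user6)  (user5)
everyone    (all)          (user9)
End UserGroup
"""
RANK = {"default": 0, "usershares": 1, "full": 2}

def parse_usergroup(text):
    """Return {group: {keyword: [tokens]}} for the rows of the UserGroup section."""
    body = text.split("Begin UserGroup", 1)[1].split("End UserGroup", 1)[0]
    lines = [ln for ln in body.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    # A field is a parenthesised list or a bare token such as "-".
    header, *rows = [[p or b for p, b in re.findall(r"\(([^)]*)\)|(\S+)", ln)] for ln in lines]
    return {r[0]: {k: [t for t in c.split() if t != "-"] for k, c in zip(header[1:], r[1:])}
            for r in rows}

def members(groups, name, seen=()):
    """Expand a user or LSF user group name to the user names it covers."""
    if name not in groups:
        return {name}
    kids = () if name in seen else groups[name].get("GROUP_MEMBER", [])
    return set().union(*(members(groups, k, seen + (name,)) for k in kids))

def effective_admins(groups, group, seen=()):
    """Map each user able to administer `group` to the strongest right held."""
    grants = []
    for tok in groups[group].get("GROUP_ADMIN", []):
        name, _, right = tok.rstrip("]").partition("[")
        grants += [(u, right or "default") for u in members(groups, name)]
    # Inherited rights: admins of every group that lists `group` as a member.
    for parent, row in groups.items():
        if group in row.get("GROUP_MEMBER", []) and parent not in seen:
            grants += effective_admins(groups, parent, seen + (group,)).items()
    # Sorting weakest-first lets dict() keep each user's strongest right.
    return dict(sorted(grants, key=lambda g: RANK.get(g[1], 0)))

def needs_strict_ug_control(groups):
    """Groups with all as a member that also name administrators."""
    return [g for g, row in groups.items()
            if "all" in row.get("GROUP_MEMBER", []) and row.get("GROUP_ADMIN")]
```

In the sample, ugB lists no administrators of its own, yet admin2 (full) and both members of ops can control its jobs through ugA.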

USER_SHARES

Optional. Enables hierarchical fairshare and defines a share tree for users and user groups.

By default, when resources are assigned collectively to a group, the group members compete for the resources according to FCFS scheduling. You can use hierarchical fairshare to further divide the shares among the group members.

Syntax

([user, number_shares])

Specify the arguments as follows:
  • Enclose the list in parentheses, even if you do not specify any user share assignments.

  • Enclose each user share assignment in square brackets, as shown.

  • Separate the list of share assignments with a space.

  • user—Specify users or user groups. You can assign the shares to:
    • A single user (specify user_name). To specify a Windows user account, include the domain name in uppercase letters (DOMAIN_NAME\user_name).

    • Users in a group, individually (specify group_name@) or collectively (specify group_name). To specify a Windows user group, include the domain name in uppercase letters (DOMAIN_NAME\group_name).

    • Users not included in any other share assignment, individually (specify the keyword default or default@) or collectively (specify the keyword others).

    Note:

    By default, when resources are assigned collectively to a group, the group members compete for the resources on a first-come, first-served (FCFS) basis. You can use hierarchical fairshare to further divide the shares among the group members. When resources are assigned to members of a group individually, the share assignment is recursive. Members of the group and of all subgroups always compete for the resources according to FCFS scheduling, regardless of hierarchical fairshare policies.

  • number_shares—Specify a positive integer representing the number of shares of the cluster resources assigned to the user. The number of shares assigned to each user is only meaningful when you compare it to the shares assigned to other users or to the total number of shares. The total number of shares is just the sum of all the shares assigned in each share assignment.

User section

Optional. If this section is not defined, all users and user groups can run an unlimited number of jobs in the cluster.

This section defines the maximum number of jobs a user or user group can run concurrently in the cluster. This is to avoid situations in which a user occupies all or most of the system resources while other users’ jobs are waiting.

Structure

One field is mandatory: USER_NAME.

MAX_JOBS, JL/P, and MAX_PEND_JOBS are optional.

You must specify a dash (-) to indicate the default value (unlimited) if a user or user group is specified. Fields cannot be left blank.

Example of a User section

Begin User 
USER_NAME   MAX_JOBS   JL/P   MAX_PEND_JOBS 
user1       10          -        1000 
user2        4          -           - 
user3        -          -           - 
groupA      10          1      100000 
groupA@      -          1         100 
groupC       -          -         500 
default      6          1          10 
End User

USER_NAME

User or user group for which job slot limits are defined.

Use the reserved user name default to specify a job slot limit that applies to each user and user group not explicitly named. Since the limit specified with the keyword default applies to user groups also, make sure you select a limit that is high enough, or explicitly define limits for user groups.

User group names can be the LSF user groups defined previously, and/or UNIX and Windows user groups. To specify a Windows user account or user group, include the domain name in uppercase letters (DOMAIN_NAME\user_name or DOMAIN_NAME\user_group).

Job slot limits apply to a group as a whole. Append the at sign (@) to a group name to make the job slot limits apply individually to each user in the group. If a group contains a subgroup, the job slot limit also applies to each member in the subgroup recursively.

If the group contains the keyword all in the user list, the at sign (@) has no effect. To specify job slot limits for each user in a user group containing all, use the keyword default.

MAX_JOBS

Per-user or per-group job slot limit for the cluster. Total number of job slots that each user or user group can use in the cluster.

Note:

If a group contains the keyword all as a member, all users and user groups are included in the group. The per-group job slot limit set for the group applies to the group as a whole, limiting the entire cluster even when ENFORCE_ONE_UG_LIMITS is set in lsb.params.

JL/P

Per processor job slot limit per user or user group.

Total number of job slots that each user or user group can use per processor. This job slot limit is configured per processor so that multiprocessor hosts will automatically run more jobs.

This number can be a fraction such as 0.5, so that it can also serve as a per-host limit. The resulting total job slot limit for a host is rounded up to the nearest integer. For example, if JL/P is 0.5, on a 4-CPU multiprocessor host, the user can only use up to 2 job slots at any time. On a uniprocessor machine, the user can use 1 job slot.

MAX_PEND_JOBS

Per-user or per-group pending job limit. This is the total number of pending job slots that each user or user group can have in the system. If a user is a member of multiple user groups, the user’s pending jobs are counted towards the pending job limits of all groups from which the user has membership.

If ENFORCE_ONE_UG_LIMITS is set to Y in lsb.params and you submit a job while specifying a user group, only the limits for that user group (or any parent user group) apply to the job even if there are overlapping user group members.

UserMap section

Optional. Used only in a MultiCluster environment with a non-uniform user name space. Defines system-level cross-cluster account mapping for users and user groups, which allows users to submit a job from a local host and run the job as a different user on a remote host. Both the local and remote clusters must have corresponding user account mappings configured.

Structure

The following three fields are all required:
  • LOCAL

  • REMOTE

  • DIRECTION

LOCAL
A list of users or user groups in the local cluster. To specify a Windows user account or user group, include the domain name in uppercase letters (DOMAIN_NAME\user_name or DOMAIN_NAME\user_group). Separate multiple user names by a space and enclose the list in parentheses ( ):
(user4 user6)
REMOTE
A list of remote users or user groups in the form user_name@cluster_name or user_group@cluster_name. To specify a Windows user account or user group, include the domain name in uppercase letters (DOMAIN_NAME\user_name@cluster_name or DOMAIN_NAME\user_group@cluster_name). Separate multiple user names by a space and enclose the list in parentheses ( ):
(user4@cluster2 user6@cluster2)
DIRECTION
Specifies whether the user account runs jobs locally or remotely. Both directions must be configured on the local and remote clusters.
  • The export keyword configures local users/groups to run jobs as remote users/groups.

  • The import keyword configures remote users/groups to run jobs as local users/groups.

Example of a UserMap section

On cluster1:
Begin UserMap 
LOCAL    REMOTE                             DIRECTION 
user1    user2@cluster2                     export 
user3    user6@cluster2                     export 
End UserMap
On cluster2:
Begin UserMap 
LOCAL    REMOTE                             DIRECTION 
user2    user1@cluster1                     import 
user6    user3@cluster1                     import 
End UserMap

Cluster1 configures user1 to run jobs as user2 and user3 to run jobs as user6.

Cluster2 configures user1 to run jobs as user2 and user3 to run jobs as user6.
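
Since a mapping changes the account a job runs under, and must be configured in both directions to be valid, comparing the two clusters' UserMap sections is a useful review step. The following check is an added example, not part of the LSF documentation or product: it normalises each row to a (submitting identity, run-as identity) pair and reports mappings present on only one side. It assumes single names in LOCAL and REMOTE (no parenthesised lists); the function names are hypothetical and the inputs are constructed from the example above with one import row removed.

```python
# Constructed inputs: the UserMap sections from the page's example, with one
# import row deliberately left out of cluster2 to show the mismatch report.
CLUSTER1 = """\
Begin UserMap
LOCAL    REMOTE            DIRECTION
user1    user2@cluster2    export
user3    user6@cluster2    export
End UserMap
"""
CLUSTER2 = """\
Begin UserMap
LOCAL    REMOTE            DIRECTION
user2    user1@cluster1    import
End UserMap
"""

def mappings(text, cluster):
    """Return {direction: {(submitting_identity, run_as_identity), ...}}."""
    body = text.split("Begin UserMap", 1)[1].split("End UserMap", 1)[0]
    rows = [ln.split() for ln in body.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]
    header, out = rows[0], {"export": set(), "import": set()}
    for row in rows[1:]:
        f = dict(zip(header, row))
        local = f"{f['LOCAL']}@{cluster}"
        # export: local user runs as REMOTE; import: REMOTE user runs as local.
        pair = (local, f["REMOTE"]) if f["DIRECTION"] == "export" else (f["REMOTE"], local)
        out[f["DIRECTION"]].add(pair)
    return out

def unmatched(a_text, a, b_text, b):
    """List mappings between clusters a and b that only one side configures."""
    a_map, b_map = mappings(a_text, a), mappings(b_text, b)
    out = []
    for src, s_map, dst, d_map in ((a, a_map, b, b_map), (b, b_map, a, a_map)):
        exported = {p for p in s_map["export"] if p[1].endswith("@" + dst)}
        imported = {p for p in d_map["import"] if p[0].endswith("@" + src)}
        out += [(p, f"export on {src} has no import on {dst}") for p in exported - imported]
        out += [(p, f"import on {dst} has no export on {src}") for p in imported - exported]
    return sorted(out)
```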

Automatic time-based configuration

Variable configuration is used to automatically change LSF configuration based on time windows. You define automatic configuration changes in lsb.users by using if-else constructs and time expressions. After you change the files, reconfigure the cluster with the badmin reconfig command.

The expressions are evaluated by LSF every 10 minutes based on mbatchd start time. When an expression evaluates true, LSF dynamically changes the configuration based on the associated configuration statements. Reconfiguration is done in real time without restarting mbatchd, providing continuous system availability.

Example

From 12 p.m. to 1 p.m. daily, user smith has 10 job slots; during other hours, smith has only 5 job slots.
Begin User
USER_NAME  MAX_JOBS  JL/P
#if time (12-13)
smith      10         -
#else
smith       5         -
default     1         -
#endif
End User