{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 别忘想泡老子 的问题《Is it possible to force SLURM to have access to on》','https://www.manongdao.com/q-692421.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I observe that when I run a SLURM job, it could create files on other folder paths and also could remove them. It seems dangerous that via SLURM job they can access others folders/files and make changes on them.
$ sbatch run.sh
run.sh:
#!/bin/bash
#SBATCH -o slurm.out # STDOUT
#SBATCH -e slurm.err # STDERR
echo hello > /home/avatar/completed.txt
rm /home/avatar/completed.txt
[Q] Is it possible to force SLURM to only have access to its own running folder and not others?
Files access is controlled through UNIX permissions, so a job can only write where the submitting user has permission to write. And most often, a job will need to read and write from and to several distinct directories on distinct filesystems (home NFS for configuration files and results, scratch parallel filesystem for intermediary data and input data, etc.) so Slurm should not confine the job in the submission directory.
If you want to make sure your job has no way to write outside of a specific directory, you can use the
chrootcommand in your job submission script, but that seems a bit odd and less easy to manage than UNIX permissions.