We've taken the per-user-namespace approach, as my boss documented here: http://tech.ryancox.net/2013/07/per-user-tmp-and-devshm-directories.html
This setup makes sure that all user processes are in their own namespace, whether they're launched by Slurm or not. We do put them inside a subdir of /tmp, but you could probably do something similar that puts them into /scratch.

Lloyd

On 7/11/19 9:19 AM, Douglas Duckworth wrote:
> Hello
>
> I am wondering if it's possible to hide a file system, that's world
> writable on compute node, logically within Slurm. That way any job a
> user runs cannot possibly access this file system.
>
> Essentially we define $TMPDIR as /scratch, which Slurm cleans up in
> epilogue scripts, but some users still keep writing to /tmp instead
> which we do not want. We would use tmpwatch to clean up /tmp but I
> would rather just prevent people from writing to it within Slurm.
>
> Thanks
> Doug
>
> Thanks,
>
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit <https://scu.med.cornell.edu>
> Weill Cornell Medicine
> 1300 York Avenue
> New York, NY 10065
> E: d...@med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690

--
Lloyd Brown
HPC Systems Administrator
Office of Research Computing
Brigham Young University
http://marylou.byu.edu