On Monday, 14 September 2020, at 13:46:27 (+0000), Braun, Ruth A wrote: > Is there any issue if I set/change the slurm account password? I'm running > 19.05.x > > Current state is locked but I have to reset it periodically: > # passwd --status slurm > slurm LK 2014-02-03 -1 -1 -1 -1 (Password locked.)
The short answer is: Don't do that! The longer answer is: As long as your "slurm" user has something like "/bin/false" or "/sbin/nologin" as their shell, it technically shouldn't matter. What's important is that it's impossible for anyone to actually log in as that user; whichever technique(s) are used to accomplish that should ultimately be fine, at least in theory.... But from a defense-in-depth perspective, you really shouldn't take any action that *reduces* the protections in place for system accounts like this one. In addition to all the other security measures in use, the "slurm" user -- if you even need one at all -- should not have *any* password set; that way, it's completely impossible for anyone to log into your system as user "slurm." May I ask why you feel you need to reset user slurm's password periodically? It's really no different in principle from users like "bin," "daemon," "adm," or even "uucp." You don't assign passwords to those accounts, do you? (That would be very dangerous if you did!) Is it perhaps a compliance requirement of some kind? I know those can be pretty draconian and inflexible at times.... My friend Alan Wild works in HPC for ExxonMobil; do you know him? He can probably help you navigate any compliance requirements or whatever might be prompting you to do this; he's been managing TORQUE and Slurm there for several years now. :-) HTH, Michael -- Michael E. Jennings <m...@lanl.gov> HPC Systems Team, Los Alamos National Laboratory Bldg. 03-2327, Rm. 2341 W: +1 (505) 606-0605
