Security

General conditions for access

Per Texas statutes, TTU information resources are strategic assets of the state of Texas that must be managed as valuable state resources. As such, use of TTU information resources is subject to university OPs and other applicable laws. Unauthorized use is prohibited, usage may be subject to security testing and monitoring, misuse is subject to criminal prosecution, and users have no expectation of privacy except as otherwise provided by applicable privacy laws.


Login security

Access methods to HPCC resources rely on TTU eRaider authentication system to check user credentials. All users use their eRaider id and password to log in HPCC clusters and/or to transfer files using the HPCC Globus Connect data transfer service. 

Cluster Internal Security

On first login to a cluster head node, SSH may ask you for a key phrase. This is used only within the cluster for communication between nodes within your account and a key phrase is not generally needed for this case. It is acceptably secure for cluster operations, and makes login to the compute nodes simpler, if you leave this key blank (hit the enter key at this prompt). From the head node, you should be able to either ssh or rsh to all of the compute nodes in that cluster without a password. If either ssh or rsh prompts for a password on cluster head to compute login, please contact HPCC staff at hpccsupport@ttu.edu, as parallel software generally depends on passwordless login. More complex methods will be required if you have a non-blank SSH key phrase on the cluster head nodes. Remote shell by ssh or or rsh is only permitted within the HPCC clusters to nodes on which you have currently running jobs. MPI on clusters also uses either ssh or rsh for data transmission.

Please also read and observe the data access, permissions, and security policies below and on the TTU HPCC Data Policies page.

Access Permissions

By default in Linux systems, users have read, write and execute permissions to the directories and files that they own. Meanwhile the directories and files are often set by default to be readable and executable to other users, including the users in the same group of the owner. Basically a user is the owner of the directories /home/user-id, /lustre/work/user-id, and /lustre/scratch/user-id, as well as all files and directories under them. A user also owns the temporary files or directories in partitions on compute nodes, if their jobs create temporary output there. If you are concerned about the permission settings, for example, you do not want others to read your files, you can change the permission by command "chmod" with appropriate options. For example:

chmod 700 (file)

or

chmod -R 700 (directory)

For the details, please run "man chmod" to get the manual of chmod command, or contact hpccsupport@ttu.edu. A more flexible way to set access control for files and folders is to use "access control list" methods. Please contact HPCC Support if you wish to learn more about how to use ACLs to control access to your files.

Examples of reasons to set stricter than normal permissions would be to protect files from inadvertent sharing, such as homework or class personal activities, or protection of private keys such as those in your .ssh folder. In general, you should not assume that files on a shared cluster file system are private and should take steps such as keeping any sensitive data off of the cluster file systems and instead moving them to external storage under your direct control. You may also need to request to delete any backup copies from the HPCC backup system, if applicable.

Regardless of the directory permissions, root users (HPCC staff and TTU security personnel) are permitted to access user files as needed for management of storage systems or for security-related investigations. Sponsoring faculty/staff can also request to access your files for purposes of continuity of research.