Managing POSIX Accounts

Managing POSIX Account Information

POSIX information for individuals within your organization is managed by a combination of Cloud Identity, OS-Login, and the Directory API. Cloud Identity is the service that manages user email accounts, directory information (e.g. phone number, office location, back-up email address), and POSIX account information, including SSH keys. OS-Login is the service on Google Cloud that manages Linux user accounts on your fluid-slurm-gcp cluster and authenticates SSH access. The Directory API gives administrators in your organization the ability to programmatically manage user directory and POSIX account information.

Removing Domain from OS Login/POSIX Username

By default, a POSIX username is created from the user's email address by replacing the “.” and “@” symbols with “_”. For example, the email address somebody@example.com will have the default POSIX username of somebody_example_com when they log in.

You can easily change the default settings for POSIX usernames within your organization to not include the domain.

  1. Navigate to the additional apps page under the admin panel https://admin.google.com/ac/appslist/additional

  2. Click on “Google Cloud Platform”

  3. Click on “OS Login API Settings”

  4. Edit the “Posix Account Settings” and uncheck the box for “Include the domain suffix in usernames generated by the OS Login API”.

With this setting, the email address somebody@example.com will have the default POSIX username of somebody when they log in to the fluid-slurm-gcp cluster.

Additional Customization

To manage POSIX user information, you will then need to use the Directory API. The Directory API is available in Go, Apps Script, Java, JavaScript, PHP, Python, and Ruby. We recommend reviewing the Directory API Getting Started Docs to learn more about creating tools for managing user accounts.

Reach out to fluid-slurm-gcp@fluidnumerics.com to learn more about centralized user account management through Google Sheets and Apps Script.

Manage SSH Keys

Each user's Cloud Identity profile must be associated with at least one public SSH key to access the fluid-slurm-gcp cluster with 3rd party tools like OpenSSH (Linux) and PuTTY (Windows). Within your organization, you can decide whether you want centralized control over all of your users' SSH keys or if you want your users to manage their own public SSH keys.

User Managed SSH Keys

If you decide to allow users to manage their own SSH keys, they will need to install and initialize the gcloud SDK on their workstations, or they will need to have access to the Cloud Shell.

To add SSH keys to your profile, use the following steps:

  1. Install and initialize the gcloud SDK

  2. If you don’t already have an SSH key, you will need to create one. Follow the prompts that appear. We recommend that users set a passphrase when prompted to protect the private key that is generated by this process.

     $ ssh-keygen -t rsa

  3. Use the gcloud SDK to attach the public SSH key to your Cloud Identity profile. If you used the default path for your SSH key in step 2, the public key can be found at /home/$USER/.ssh/id_rsa.pub

     $ gcloud compute os-login ssh-keys add --key-file=/path/to/public/key

To remove SSH keys from your profile, you can use

  $ gcloud compute os-login ssh-keys remove --key-file=/path/to/public/key

Centralized Management

If you decide to centrally manage user SSH keys, you need to disable your users’ ability to use the OS-Login API to manage their POSIX account information.

  1. Navigate to the additional apps page under the admin panel https://admin.google.com/ac/appslist/additional

  2. Click on “Google Cloud Platform”

  3. Click on “OS Login API Settings”

  4. Edit the “Posix Account Settings” and uncheck the box for “Allow users to generate default POSIX information via the OS Login API”.

To manage SSH keys, you will then need to use the Directory API. The Directory API is available in Go, Apps Script, Java, JavaScript, PHP, Python, and Ruby. We recommend reviewing the Directory API Getting Started Docs to learn more about creating tools for managing user accounts.
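
A sketch of a centralized key-management helper in Python, added here as an example and not taken from fluid-slurm-gcp or Fluid Numerics tooling. It validates submitted public keys and builds the sshPublicKeys body for a Directory API users.patch call; the allowed key types, the 90-day expiry, and the function names are assumptions, and SAMPLE_KEY is a constructed value.

```python
import base64
import struct
import time

# Assumption: local policy on which key types admins will accept.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def parse_public_key(line):
    """Validate one OpenSSH public key line and return it normalised."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material submitted instead of a public key")
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("unsupported or malformed key line")
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 raises ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type,
    # which must agree with the text prefix on the line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match key blob")
    return " ".join(fields)


def build_ssh_key_patch(public_keys, ttl_days=90, now=None):
    """Build the request body holding the complete desired key list for one user."""
    now = time.time() if now is None else now
    expiry_usec = str(int((now + ttl_days * 86400) * 1_000_000))
    return {"sshPublicKeys": [
        {"key": parse_public_key(k), "expirationTimeUsec": expiry_usec}
        for k in public_keys
    ]}


def push_keys(service, email, body):
    """Send the body. `service` comes from google-api-python-client:
    googleapiclient.discovery.build("admin", "directory_v1", credentials=creds),
    using admin credentials with the admin.directory.user scope."""
    return service.users().patch(userKey=email, body=body).execute()


# Constructed sample: a well-formed ssh-ed25519 blob with an all-zero key.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
).decode() + " somebody@example.com"
```

Only push_keys touches the network; the validation and body construction can be run and reviewed offline before any profile is changed.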

Reach out to fluid-slurm-gcp@fluidnumerics.com to learn more about centralized user account management through Google Sheets and Apps Script.