Managing POSIX Accounts

Managing POSIX Account Information

POSIX information for individuals within your organization is managed by a combination of Cloud Identity and OS-Login. Cloud Identity is the service that manages user email accounts, directory information (e.g. phone number, office location, back-up email address, etc.), and POSIX account information including SSH keys. OS-Login is the service on Google Cloud that manages Linux user accounts on your fluid-slurm-gcp and authenticates ssh access.

Setting Linux Usernames

By default, POSIX usernames are created from their email address by replacing the “.” and “@” symbols with “_”. For example, the email address somebody@example.com will have the default POSIX username of somebody_example_com when they log in.

Remove domain from POSIX Username

You can easily change the default settings for POSIX usernames within your organization to not include the domain.

  1. Navigate to the additional apps page under the admin panel https://admin.google.com/ac/appslist/additional
  2. Click on “Google Cloud Platform”
  3. Click on “OS Login API Settings”
  4. Edit the “Posix Account Settings” and uncheck the box for “Include the domain suffix in usernames generated by the OS Login API”.

With this setting, the email address somebody@example.com will have the default POSIX username of somebody when they log in to the fluid-slurm-gcp cluster.

Manage UID and GID

To manage POSIX user information, you will then need to use the Directory API . The Directory API is available in Go, Apps Script, Java, Javascript, PHP, Python, and Ruby . We recommend reviewing the Directory API Getting Started Docs to learn more about creating tools for managing user accounts.


Reach out to fluid-slurm-gcp@fluidnumerics.com to learn more about centralized user account management through Google Sheets and Apps Scripts.


Manage SSH Keys

Each users Cloud Identity profile must be associated with at least one public SSH key to access the fluid-slurm-gcp cluster. Within your organization, you can decide whether you want centralized control over all of your users SSH keys or if you want your users to manage their public SSH keys.

User Managed SSH Keys

If you decide to allow users to manage their own SSH keys, they will need to install and initialize the gcloud SDK on their workstations. The instructions below should be provided to users to manage their SSH keys.

To add ssh keys to your profile, use the following steps:

  1. Install and initialize the gcloud SDK
  2. If you don’t already have an SSH Key, you will need to create one. Follow the prompts that appear. We recommend that users set a password when prompted to protect the private key that is generated by this process. $ ssh-keygen -t rsa
  3. Use the gcloud SDK to attach the public SSH key to your Cloud Identity profile. If you used the default path for your SSH key in step 2, the public key can be found at /home/$USER/.ssh/id_rsa.pub $ gcloud compute os-login ssh-keys add --key-file=/path/to/public/key

To remove SSH Keys from your profile, you can use $ gcloud compute os-login ssh-keys remove --key-file=/path/to/public/key

Centralized Management

If you decide to centrally manage user SSH keys, you need to disable your users’ ability to use the OS-Login API to manage their POSIX account information.

  1. Navigate to the additional apps page under the admin panel https://admin.google.com/ac/appslist/additional
  2. Click on “Google Cloud Platform”
  3. Click on “OS Login API Settings”
  4. Edit the “Posix Account Settings” and uncheck the box for “Allow users to generate default POSIX information via the OS Login API”.

To manage POSIX user information, you will then need to use the Directory API . The Directory API is available in Go, Apps Script, Java, Javascript, PHP, Python, and Ruby . We recommend reviewing the Directory API Getting Started Docs to learn more about creating tools for managing user accounts.

Reach out to fluid-slurm-gcp@fluidnumerics.com to learn more about centralized user account management through Google Sheets and Apps Scripts.

An organization administrator that can create, delete, and modify user accounts within your organizations admin panel ( https://admin.google.com )