Security
The following new features affect cluster security.
Root privileges
The LSF_ROOT_REX parameter is an existing parameter in the lsf.conf file that specifies root execution privileges for jobs from both local and remote hosts. While LSF_ROOT_REX=N (which disables root execution privileges) is the default setting since this parameter's introduction, there were a number of issues related to sites inadvertently leaving this parameter enabled. Due to these issues, the LSF_ROOT_REX parameter is now obsolete and no longer allows root execution privileges for jobs from local and remote hosts. Any actions that were performed with root privileges must instead be performed as the LSF administrator.
If you need to temporarily run LSF commands with root privileges, specify LSF_ROOT_USER=Y in the lsf.conf file. When you are done, you must disable this parameter to ensure that your cluster remains secure.
If you need to temporarily run LSF License Scheduler commands with root privileges, specify LS_ROOT_USER=Y in the lsf.licensescheduler file. This parameter allows the root user to run the bladmin, blkill, globauth, and taskman commands. When you are done, you must disable this parameter to ensure that your cluster remains secure.
If you need to enable root privileges on hosts for LSF Application Center, LSF RTM, or LSF Explorer, specify a space-separated list of hosts in the LSF_ADDON_HOSTS parameter in the lsf.conf file. The root users on these specified hosts can remotely execute commands. You must also set LSF_DISABLE_LSRUN=N in the lsf.conf file to enable hosts that are running LSF Application Center to use the lsrun and lsgrun commands.