flux-security

flux-security provides the security infrastructure required for multi-user Flux instances. It includes a signing library that allows Flux to authenticate job requests across nodes, and a setuid helper called the IMP (Independent Minister of Privilege) that enables Flux to launch jobs as arbitrary users without requiring the broker to run as root.

flux-security is a required companion to flux-core in production HPC deployments where Flux is deployed as a multi-user system service. It is designed with a minimal privilege footprint: the IMP is the only component that runs as root, and it does so only for the narrow operations required to launch and signal jobs on behalf of authenticated users.

Related Information

flux-security is designed to be deployed alongside flux-core. Those wishing to understand Flux security in a broader context may benefit from the following material:

Description	Links
Main Flux Documentation Pages	Github Docs
flux-core — the primary Flux framework project	Github Docs
Flux Request for Comments Specifications	Github Docs

Table of Contents

• Manual Pages
  • Section 3 - C Library Functions
  • Section 5 - File Formats and Conventions
  • Section 8 - System Administration
• Resources for Flux Developers
  • Device Containment