Restricting job's to be run as their submitting user

Hi,

We’re considering using Nomad in our company.

However after looking at the documentation and experimenting with it it’s not clear to me if there is support for restricting jobs to be run as their submitting user, i.e. if user “foo” submits a job, we would like to enforce that the corresponding tasks are run as user “foo”.
I can see the task’s “user” parameter https://www.nomadproject.io/docs/job-specification/task.html#user which defines the user the task will run as. And I can see some support for ACL (https://www.nomadproject.io/guides/security/acl.html) which allows restricting certain commands to certain users.
However I can’t figure out how to guarantee that all tasks submitted by a user will be run as this user, similar to e.g. what slurm and mesos offer.

Is there an easy way to achieve this?

Cheers,

Charles

1 Like