PFS Access and Permission Guidelines
Overview
The Parallel File System (PFS) can be attached to both Virtual Machine (VM)-based resources and Container-based resources. Access to files and directories within the PFS is governed by standard Linux user and group permissions. However, the behavior differs depending on the type of resource accessing the PFS.
PFS Access on Virtual Machines
When a PFS is attached to a VM:
- All users present on the VM can potentially access the PFS.
- Access is controlled through the ownership and permission settings of files and directories within the PFS.
- Users who have the required read, write, or execute permissions on the PFS directories can access the data.
Example
If a directory's permissions grant access to a specific user or group, any VM user who is that user or belongs to that group can access the directory.
PFS Access on Container-Based Resources
For container-based applications, access is more restrictive.
Default Root Access
The root user (UID 0) within container-based resources has access to the attached PFS by default.
Additional User Creation
If additional users require access to the PFS from within a container, they must be created with:
- UID between 1000 and 1050
- GID between 1000 and 1050
Users created outside of this range may not be able to access the PFS, even if the underlying file or directory permissions would otherwise permit access.
Important Considerations
- Creating container users outside the UID/GID range of 1000–1050 may result in permission issues when accessing the PFS.
- File and directory ownership within the PFS should be aligned with the intended container user's UID and GID.
- Standard Linux permission checks (owner, group, and others) still apply.
Best Practices
- Create container users with UID and GID values between 1000 and 1050.
- Assign appropriate ownership on PFS directories using the corresponding UID and GID.
- Use group-based permissions whenever multiple users or applications require access.
- Verify permissions after mounting the PFS to ensure expected access behavior.
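One way to run that verification before starting a workload, as an added example that is not part of the original guide or of the platform's tooling. The 1000-1050 range and root's default access come from this page; the function names and the `/mnt/pfs/project` path are hypothetical. The check compares only the primary GID against the directory's mode bits and ignores supplementary groups and ACLs.

```shell
#!/bin/sh
# Added example: pre-flight check for a container user that needs PFS access.
# The 1000-1050 range is the one stated in this guide; function names are hypothetical.
PFS_ID_MIN=1000
PFS_ID_MAX=1050

# pfs_id_in_range ID: succeeds when ID is numeric and inside the supported range.
pfs_id_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$PFS_ID_MIN" ] && [ "$1" -le "$PFS_ID_MAX" ]
}

# pfs_mode_allows UID GID OWNER_UID OWNER_GID MODE NEED
# MODE is an octal mode such as 750; NEED is a mask (r=4, w=2, x=1, rwx=7).
# Selects one triad the way Linux does: owner first, then group, then other.
pfs_mode_allows() {
    m=$((0$5))
    if [ "$1" -eq "$3" ]; then bits=$(( (m >> 6) & 7 ))
    elif [ "$2" -eq "$4" ]; then bits=$(( (m >> 3) & 7 ))
    else bits=$(( m & 7 ))
    fi
    [ $(( bits & $6 )) -eq "$6" ]
}

# pfs_check UID GID PATH NEED
# Returns 0 = access expected, 1 = UID/GID outside 1000-1050,
#         2 = denied by mode bits, 3 = PATH could not be inspected.
pfs_check() {
    uid=$1 gid=$2 need=$4
    # Root (UID 0) has access by default in containers, per this guide.
    [ "$uid" -eq 0 ] && return 0
    pfs_id_in_range "$uid" && pfs_id_in_range "$gid" || return 1
    info=$(stat -c '%u %g %a' "$3") || return 3   # GNU/BusyBox stat
    set -- $info
    pfs_mode_allows "$uid" "$gid" "$1" "$2" "$3" "$need" || return 2
}

# Usage (hypothetical mount point): pfs_check 1010 1010 /mnt/pfs/project 7
```

A return code of 1 means the user must be recreated inside the range; a return code of 2 means the ownership or mode on the PFS directory needs adjusting.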
Recommendation
When provisioning users for container-based workloads that require access to a PFS, always create the users using a UID and GID within the range 1000–1050. This ensures compatibility with the PFS access model and prevents unexpected permission-related issues.