Enable multiple users¶
The base installation instructions install a complete working application for a single person.
If, after you’ve installed the base application, you want to allow multiple people to access it, these instructions will show you how to enable login accounts.
Step 1: Configuration¶
In the config.toml
file in your installation folder,
change the web.auth
setting from none
to login
.
[web]
auth = 'login'
After making changes to your configuration file, restart the application:
./nextpyp stop
./nextpyp start
sudo systemctl restart nextPYP
Step 2: Setup¶
When in login
mode, the application will require some first-time setup to create
the first administrator account.
Open the application website in your browser. Then change the url in the address bar
by replacing the /#/dashboard
part with /#/admin
. This will load the hidden administration page.
For example, if you access the website at the url https://nextpyp.myorganization.org
, then the URL
for the administrator page will be https://nextpyp.myorganization.org/#/admin
.
Once on the page, you will be greeted with a page like the following.

Fill out the form, click Create Administrator, and you’ll make the first administrator account.
Tip
See the Administration section for information on how to create and manage users and groups in nextPYP
.
From now on, to access the website, you’ll need to login with your account name and password.
Optional: Connect nextPYP users to Operating System users¶
Starting with v0.7.0, nextPYP
allows you to connect user accounts to the operating system.
When a connected user runs a job in nextPYP
:
The job processes will run as the connected operating system user, rather than the service account.
The files created by the job will be owned by the operating system user, rather than the service account.
The user’s jobs will respect any resource quota system that your computing center may have in place for that user, like filesystem storage limits, or SLURM resource privileges.
File sharing between users will be controlled by the filesystem configuration, rather than
nextPYP
configuration, so it will be possible to prevent users from accessing each others files when browsing the filesystem directly.
Connecting a nextPYP
user to an operating system user requires an administrator to perform a couple steps:
Create a
user-processor
executable file for that user.The
user-processor
executable is a small program thatnextPYP
uses to run commands as an operating system user, rather than the service account. It works by using the setuid feature of the Linux operating system to grant access for one user to run a program on behalf of another user without needingroot
or administrator privileges.To create the
user-processor
executable for an operating system user, while logged into the machine wherenextPYP
is installed, run the command:sudo nextpyp user-add <username>
where
<username>
is the name of the operating system user (not thenextPYP
user).Similarly, you can remove a
user-processor
executable with the comnand:sudo nextpyp user-remove <username>
Configure the
nextPYP
user to use the new executable.In
nextPYP
, on the administration page, go to the “Users” tab. Pick a user you’d like to associate with an operating system user and edit that user. In the “OS Username” box, enter the name of the operating system username and then click Check.If the
user-processor
executable file does not exist or not have the right filesystem settings, the check will fail and the UI will display detailed reasons why. Otherwise, the check will pass. For a passed check, your screen should look similar to the following:The edit user panel showing a successful
user-processor
executable check.¶Click Save to save your changes to the user. Once saved, the association between two user accounts is complete. The new account settings will take effect the next time that user creates a project.
Warning
Unfortunately, operating system user changes cannot be retroactively applied to any existing projects for the user, since the files in an existing project have already been created.
To break the association between a
nextPYP
user and an operating system user, remove the username from the “OS Username” box and Save your changes. Again, the account (dis)association will only take effect the next time that user creates a new project.
Getting help¶
Getting nextPYP
installed and working correctly can be tricky sometimes,
especially since everyone’s needs are just a little different.
We’ve done our best to build an install process that’s flexible enough to work in many different environments,
but sometimes things still might not work out perfectly.
If you have questions, need clarification on any of the installation options, or are just looking for a little help getting through the installation, don’t hesitate to reach out using one of the options listed in the Getting help section.