Hello Gary Mansell
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
Based on your ask and your environment, I checked with the internal team on this and the best way is LDAP or AD.
It is not recommended to use the VM running CycleCloud as the home directory. Either use one of Azure’s hosted options or at least a separate VM with some kind of backup.
There is no need to copy anything, just manage users and groups via the CycleCloud UI and manage the secondary groups and permissions via cloud or cluster-init using usermod and ACLs.
This way the passwd and group files under the etc folder are the same on all the cluster nodes and you only have to worry about managing the secondary groups and permissions of those project folders.
You can also use an external LDAP server to manage all users and groups, but that is not straightforward.
You can certainly use CC’s user management but you will have to do all group assignment with it. This is not easy because you have to update all machines whenever there is a change. There’s no solution for using another machine’s /etc/group, for good reason, which is why using proper LDAP might be easier.
The alternative is to run some code on all machines when something changes, which is what CC does for users and the sudo privilege, but does not do for groups.
Hope this helps.
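
An added example, not part of the original answer and not CycleCloud's own code: a cluster-init style script that applies the usermod and ACL approach described above on each node. The group names, GIDs, project paths and user names are constructed, the users are assumed to already exist via CycleCloud, and the script only prints its commands unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the original answer): cluster-init style script,
# meant to run as root on every node. All names below are constructed.
# Format: group:gid:project_dir:comma-separated members
PROJECT_MAP='proj_alpha:20001:/shared/projects/alpha:alice,bob
proj_beta:20002:/shared/projects/beta:carol'

DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

valid_name() {   # conservative account/group name check
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

apply_project() {   # args: group gid dir members
    group="$1"; gid="$2"; dir="$3"; members="$4"
    valid_name "$group" || { echo "skip: bad group '$group'" >&2; return 1; }
    case "$gid" in ''|*[!0-9]*) echo "skip: bad gid '$gid'" >&2; return 1 ;; esac
    case "$dir" in /*) ;; *) echo "skip: path not absolute" >&2; return 1 ;; esac
    case "$members" in *[!a-z0-9_,-]*) echo "skip: bad member list" >&2; return 1 ;; esac
    # Fixed GID so group ownership matches on every node sharing the filesystem
    if ! grep -q "^$group:" /etc/group 2>/dev/null; then
        run groupadd -g "$gid" "$group"
    fi
    for user in $(echo "$members" | tr ',' ' '); do
        # -aG appends; plain -G would replace the user's other secondary groups
        if valid_name "$user"; then
            run usermod -aG "$group" "$user" || echo "warn: $user not updated" >&2
        fi
    done
    run mkdir -p "$dir"
    run chgrp "$group" "$dir"
    run chmod 2770 "$dir"                     # setgid: new files inherit the group
    run setfacl -m "g:$group:rwx" "$dir"      # access ACL for the project group
    run setfacl -d -m "g:$group:rwx" "$dir"   # default ACL for new entries
}

apply_all() {
    echo "$PROJECT_MAP" | while IFS=: read -r g i d m; do
        if [ -n "$g" ]; then apply_project "$g" "$i" "$d" "$m" || true; fi
    done
}
```

Call `apply_all` at the end of the script; because every step is idempotent, the same script can be re-run on all nodes whenever the mapping changes.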