Many of the tutorials on setting up a cluster with MPI suggest creating a separate user with limited permissions (1, 2). This means running jobs requires logging into a separate user, and is obviously another step.
Why is this necessary, or what does it achieve? Is there any reason not to just use the default user?
(We're running this cluster as an educational project: completely offline, with physical access required by known users, so simplicity is preferred over security.)
A service user allows the principle of least privilege. You can impose quotas or restrictions on the service without impacting the user. Any bad things it may do, like delete the user's files, are limited in scope.
It also is predictable. A standard example for documentation is convenient. You can write an init script for convenience in starting it as a service. A process of that user using lots of resources is expected.