The permission information attached to nodes is designed to mimic the UNIX filesystem permission system. Each node has a number of permission bits and a user and group ID. As of this writing, only the execute bits are defined.
Node permission information can be viewed with bpstat and changed with bpctl. A user who owns a node many change the mode bits and change the group of the node to any group that the user is a member of.
When nodes are down the user and group are set to root,root with no execute permissions. When a node first connects to the master the permissions change to user root, group root and execute for owner only. If the node setup script executes successfully and the nothing has set the node permissions, the node's permissions will be changed to execute for all. This allows the node setup script to set node permissions.