Statement of customer responsibility
The Cloud Pak for Data System is an integrated computer system consisting of mixed hardware and software components optimized to collect, organize and analyze data. The sub-components that make up the platform have been developed, tuned, and tested to perfect that workload.
With a strong focus on security and ease of operation, it is by design that customer local Linux users are not given unrestricted access to the host operating system.
All tasks which require escalated privileges should be completed as
Linux user, or as users added to the
ibmapadmin Linux group. This group has
sufficient access to administer the platform, and automate maintenance tasks. If the user requires
root privileges they must be added to the
ibmapadmin group by the
system administrator and access root commands through
At installation, the customer is provided with
root user password to use on
control nodes and NPS container if required. It is absolutely critical to security that the customer
changes the default password for the
root user on all control nodes and NPS
container using the passwd command as soon as possible.
Performing actions which require escalated privileges outside the scope of self-administration are not permitted. Unauthorized changes not only present security risks, but run the risk of degrading performance characteristics and corrupting basic functions of the platform.
Examples of restricted actions include: adding extra packages/services, editing certain configuration files by hand, modifying services, and modifying kernel settings.
With respect to permitted administration tasks, a suite of command line and GUI tools are provided, which enable self-administration without the need for superuser access or support involvement.
If you find a task is requires elevated privileges, but which you feel is necessary to deploy the system into production, contact your IBM representative so that the task can be vetted and potentially allowed via a non-elevated account in a future release pending analysis for security and scope.