Statement of customer responsibility

The Cloud Pak for Data System is an integrated computer system consisting of mixed hardware and software components optimized to collect, organize and analyze data. The sub-components that make up the platform have been developed, tuned, and tested to perfect that workload.

With a strong focus on security and ease of operation, it is by design that customer local Linux users are not given unrestricted access to the host operating system.

All tasks which require escalated privileges should be completed as apadmin Linux user, or as users added to the ibmapadmin Linux group. This group has sufficient access to administer the platform, and automate maintenance tasks. If the user requires root privileges they must be added to the ibmapadmin group by the system administrator and access root commands through sudo.

At installation, the customer is provided with root user password to use on control nodes and NPS container if required. It is absolutely critical to security that the customer changes the default password for the root user on all control nodes and NPS container using the passwd command as soon as possible.

Performing actions which require escalated privileges outside the scope of self-administration are not permitted. Unauthorized changes not only present security risks, but run the risk of degrading performance characteristics and corrupting basic functions of the platform.

Examples of restricted actions include: adding extra packages/services, editing certain configuration files by hand, modifying services, and modifying kernel settings.

With respect to permitted administration tasks, a suite of command line and GUI tools are provided, which enable self-administration without the need for superuser access or support involvement.

If you find a task is requires elevated privileges, but which you feel is necessary to deploy the system into production, contact your IBM representative so that the task can be vetted and potentially allowed via a non-elevated account in a future release pending analysis for security and scope.