Why Do We Need Root on the HMC?
In this article in IBM Systems Magazine Rob McNelly asked the question "Why Don't We Have Root on the HMC?" and he goes on to justify why we indeed shouldn't have root - kinda. I think his arguments are not as valid as he perhaps thinks they are and what's more i think he deserves an answer as public as his statement. I will paraphrase some of his statements as i understand them, but you should read his linked article yourself to finally judge if i have misrepresented or misunderstood him.
First, Mister McNelly says it is "in the nature" of Sysadmins to believe they need root everywhere. This might be the case for some immature hacker kids. Fact is, i - and certainly every other responsible sysadmin i know - only switch to root if i really need to do it, not because it is my "habit" to do so. It is just the nature of my work which calls for the power of the superuser: otherwise i wouldn't know how to increase filesystem sizes, unlock user accounts or start up/shut down systems - these are the most common requests i face every day. But my "normal" work, which doesn't require these extraordinary powers - writing scripts, working out procedures, ..., i do with my ordinary user account. The only group i carry is "staff" and the only thing different from any other user account is the size of my HOME directory (~200MB) because i generate reports and lists rather using UNIX text filters than these abominable "office" suites. (As a rule of thumb: data that really matters is not stored within an Excel sheet.)
The second reason Mister McNelly cites is that an (arbitrarily) administrated system (as opposed to an appliance) is a support nightmare. Now i can appreciate this argument! But guess what: any system with a variable configuration is more difficult to support than a system with a fixed config. Maybe IBM should lock out all users from all their AIX systems as this would make supporting the OS much easier, no?
And why does the HMC have to be a separate system anyways? Let's face it: it is basically a (acceptably but not outstandingly well designed) web application and a supplemental set of commands to do on command line what can be done within the web application. Can't that be an application which can be installed? What needs a separate system here?
For instance, i have installed the "EMC solutions enabler" on an AIX LPAR to administrate my array of VMax storage systems. It is a set of executables i just use within scripts of my own and it writes plain log files i can read. I'll give you that, to use non-standard SCSI commands to communicate with the VMax which requires "gatekeeper devices" to be created is probably a pretty bad idea - there was a thing invented for that kind of service, i believe it was called "networks". But save for that the management software for the system is a normal application. Why can't that be done for the HMC software?
Yes, i can understand Mister McNelly's point that installing "everything and the kitchen sink" on the HMC can create problems - just like cramming several applications onto any other single system will likely cause problems and is a very bad design decision. But i wouldn't do that like i wouldn't design any other system that poorly. Still i could make my work easier with storing some really necessary files on the HMC without being forbidden to organize my HOME with that ridiculous restricted shell. I mean: does it really make support easier when i am forced to have 50 files in my home instead of having them organized in neat subdirectories (which i can't create)? Who is helped by the fact that i cannot pipe the output of, say, lssyscfg, into a grep? I might even want to use the same shell i use throughout my whole AIX installation - Korn Shell - instead of being forced to use bash solely on the HMC.
So, do i want root on the HMC, as McNelly finally asks? No, most of the time a decent user account with a normal, not-restricted shell would suffice. But to manage this account - in the same responsible way i manage the rest of my 350 LPARs - i'd like to become root now and then to do whatever administrators do. Of course i know how to jailbreak the HMC (like perhaps every halfway capable admin does), but why do i need to "break into" a system i have set up, a system i run and for which i (well, actually my company) have paid good money?
If IBM would put the effort they put into making it harder to become root into further development of the HMC software itself - wouldn't it help people (outside their support staff)? It reminds me somewhat of the situation with iPhones, Android phones, CyanogenMod and that awful decision to make the replacement of batteries impossible. I understand that it helps protect the cashflow because this way it is easier to gain money from customers without doing more.
But on one hand: i may have to bear it, but i do not have to like it. And on the other hand: we are not talking about some mobile phone for 69.99. We are talking about the two HMCs i use to manage one and a half dozen p780s and p880s, about 2 million dollars apiece. Do you think it is necessary to squeeze out some minimal additional benefit by pestering me with a restricted shell for my daily work? And if you really think i couldn't handle the responsibility for such a vital system: don't you think i should be removed from the position where i manage the LPARs running the corporate SAP systems too?
Just my 2 cents for the whole HMC discussion.
bakunin