Cloud Management and AIOps


This is an IBM Automation portal for Cloud Management and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace Workload Automation
Created by Guest
Created on Oct 14, 2022

RELATED IDEAS

Allow installation and patching via sudo rule instead of requiring actual root access

Our security teams do not like providing us access to root to perform installations and patching activities. Their stated preference is that we use sudo rules. Having to coordinate the activity with the Linux admins means double the human resources required (and scheduling coordination between them, us, and application owners), as well as an additional opportunity for error.


Please investigate updates to the twsinst utility to allow this option so that our admin team can be more self sufficient.

Idea priority Medium
  • Guest
    Reply
    |     Oct 27, 2022

    The issue I am faced with is that our security team does not like to provide shell access as root unless you are on the Linux/Unix admin team. They will, however, approve commands to run as root using sudo. So while I can't get a full shell, they would approve the running of "twsinst" as root. It would be useful to have this available for installing MDM, BKM, DWC, FTA and DA components, as well as the WebSphere Liberty profile required.

    I've been told in the past by support that using sudo as I outlined is not supported, and I may have even found that in documentation as well at one point in the past but I don't have the time to go validate that right now.

    The issue there of course is that the "umask" value doesn't translate. Unless there is something more involved, it seems like setting the umask could be done inside the twsinst script, and that issue would be resolved, which would seem to open the door to an installation & patching path that my security team would allow my team to have control of.


  • Guest
    Reply
    |     Oct 27, 2022

    Hello there, we need some clarification. Is it OK for your scenario if with the sudo rules the installation occurs anyway as "root"? That is, with sudo rules the user becomes root and then starts the installation.

    By the way for dynamic agents the non-root installation with twsinst is already supported.

    Let us know if your requirement is to support non-root installation for all components.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.