Running IBM Spectrum Scale commands without remote root login
With sudo wrapper scripts you can avoid configuring nodes to allow remote root login.
Every administration node in the IBM Spectrum Scale cluster must be able to run administration commands on any other node in the cluster. Each administration node must be able to do so without the use of a password and without producing any extraneous messages. Also, most of the IBM Spectrum Scale administration commands must run at the root level. One solution to meet these requirements is to configure each node to permit general remote login to its root user ID. However, there are secure solutions available that do not require root-level login.
You can use the
sudo program to eliminate direct root login. With sudo wrapper, you can
launch IBM Spectrum
Scale administration commands with a sudo
wrapper script. This script uses ssh to log in to the remote node using a
non-root ID, and then invokes the sudo program on the remote node to run
the commands with root-level privileges. The root user on an administration node still needs to be
able to log in to all nodes in the cluster as the non-root ID, without being prompted for a
password.
Note: Only the instance of sudo that is shipped natively with the Linux® operating system or included in the AIX® toolbox is supported. Other sudo-like frameworks might only be supported after a technical compatibility review by IBM®. Ask your sales representative to contact IBM Spectrum
Scale development about the RPQ or SCORE
process.
Note:
To use sudo wrappers, complete the tasks in the following topics:- Sudo wrappers are not supported on clusters where one or more of the nodes is running the Windows operating system.
- Sudo wrappers are not supported with clustered NFS (cNFS).
- The installation toolkit is not supported in a sudo wrapper environment.