Why Don’t We Have Root on the HMC?

Edit: I still want root.

Originally posted April 19, 2016 on AIXchange

For as long as there’s been an HMC, there have been frustrated administrators wishing they had root access to it.

The argument for root does contain a certain logic. The HMC runs Linux under the covers, so shouldn’t we, as UNIX admins, have fewer restrictions on what we’re able to do? We have root access (via oem_setup_env) on VIO servers and AIX and Linux LPARs, so why don’t we have root on the HMC? Of course, I’ve yet to meet a system admin who doesn’t believe he needs to have root on everything he touches. It’s our nature.

I recall some early versions of HMC code providing greater default access to the hscroot user. I’d certainly load things up and run them directly on the HMC. I’d play around with the window manager and load VNC and various software packages and generally do what I wanted since I had root access.

In retrospect, this probably wasn’t a great idea on my part. Having too many things running on the HMC makes it a support nightmare. If something isn’t working, is it because of the actual HMC code or hardware, or is the problem one of your pet tools or programs? If you’re IBM, locking down this critical piece of the Power Systems infrastructure and treating it like an appliance makes it much easier to support.

There are forum threads going back to at least 2005 where users share knowledge about getting root on the HMC. It’s tougher to find working information these days, but there are still methods for getting root that don’t involve IBM Support. Naturally people aren’t as willing to discuss them, because when these techniques do get out, they tend to be quickly invalidated.

Now, IBM Support does allow you to reset HMC access passwords. (Note: In the early days of this blog I wrote about getting the celogin password from support, but this isn’t the same as getting root.)

It’s also possible to get access to the product engineering shell (pesh) and get root if there’s a real need to do so. Honestly, after years of HMC enhancements and refinements, there aren’t many legitimate reasons for needing root at this point. Still, if you need to debug or perform other types of maintenance as root, you can contact IBM Support and follow these instructions:

“pesh provides full shell access to the HMC for product engineering and support personnel. pesh takes the serial number of the HMC machine or unique ID of the virtual HMC where full shell access is requested, then prompts the user for a one day password obtained from the support organization. If the password is valid, the user is granted full shell access. Only the hscpe user can run this command.

To obtain full shell access to a Hardware Management Console (HMC):
pesh serial-number-of-HMC-machine

To obtain full shell access to a virtual HMC:
pesh unique-ID-of-virtual-HMC”

The other thing to keep in mind is that root isn’t necessary for dealing with some common HMC management issues. Are your filesystems filling up? Try this. Are you dealing with some crazy hscroot syntax? Check out EZH, which makes the HMC command line easier to manage. (Here’s an introductory video.)

So do you want root on your HMC? Why or why not?