HP-UX vPars and Integrity VM V6.1.5 Administrator Guide (5900-2295, April 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Integrity Virtual Machines Host Per Core License LTU

171

172

173

174

175

176

177

178

179

180

# passwd host1

3. Use the hpvmmodify command to provide the user with guest administration privileges:

#hpvmmodify -P winguest1 -u host1:admin

A guest administrator can now access the host1 virtual console by using the ssh command or

telnet command on the VSP and logging in to the host1 account. The guest administrator

cannot use the su command.

NOTE: For security reasons, HP strongly recommends that you do not include /opt/hpvm/bin/

hpvmconsole, the virtual console image, in /etc/shells. Doing so opens two security

vulnerabilities:

• It allows ftp access to the account.

• It allows a general user to select the image with the chsh command.

The following is an example session of remote access to the host1 virtual console on the VSP

myhost:

# telnet host1

Trying .xx.yy.zz...

Connected to host1.rose.com.

Escape character is '^]'.

HP-UX host B.11.31 U ia64 (ta)

Password:

Please wait...checking for disk quotas

MP MAIN MENU

CO: Console

CM: Command Menu

CL: Console Log

SL: Show Event Logs

VM: Virtual Machine Menu

HE: Main Help Menu

X: Exit Connection

[host1] vMP>

The virtual console interface displays raw characters for the CL and CO commands, including the

guest's attempts to query the console terminal for its type and characteristics. As a result, the

terminal answers those queries, which can cause the terminal setup communication to interfere

with the virtual console commands. Interactive users can clear the screen. However, this situation

can be a problem for noninteractive or scripted use of the console.

11.5.1 Administrator account names

The virtual console administrator name can be any valid HP-UX login name. To continue accessing

the virtual console, existing guest console accounts must be added to the authorization list for the

associated guest with the usermod command. This allows multiple accounts to map to the guest,

and requires the account names to be valid HP-UX login strings.

Authorization of access to the virtual console is determined by the guest configuration file (set using

the -u and -g options to the hpvmcreate, hpvmmodify, and hpvmclone commands). This

controlled access allows you to temporarily block access by using the hpvmmodify command to

change the virtual console administrator account name.

11.5 Creating guest administrators and operators 179