HP 9000 Containers A.03.01 on HP Integrity Server Administrator Guide HP-UX 11i v3 (5900-3112, June 2013)

8.3.2 HP 9000 classic container
User management must be performed in the global container. As a part of HP 9000 container
configuration, a group <srp_name>-login is created, which has access to the container. All
local users from the HP 9000 /etc/passwd file are added to this auxiliary group.
Add a new user for the container
1. Log in to the global container as root and run the useradd command. There is no need to
prefix the <hp9000_root> directory in this step while specifying the home directory.
2. Create the home directory inside the <hp9000_root> directory. Set the permission for the
home directory to 0755.
3. Add the user to one of the HP 9000 container login groups. The default login group name (created
at setup time) starts with <srp_name>-login.
$ groupmod -a -l <username> <srp_name>-login
Allow container access for a group of users
To allow access for a group of users to an HP 9000 container, run the following command:
$ roleadm assign \&<group-name> SRPlogin-<srp_name>
Deny container access for a group of users
To deny access for a group of users to an HP 9000 container, run the following command:
$ roleadm revoke \&<group-name> SRPlogin-<srp_name>
8.4 Configuring SSH authorization keys
This section provides information about configuring SSH authorization keys for both system and
classic container types.
8.4.1 HP 9000 system container
For a system container, you can generate and use SSH authorization keys the same way you do on
an HP 9000 server.
8.4.2 HP 9000 classic container
To automatically log in to an HP 9000 container using SSH authorization keys, you must create
additional home directories in the global container.
To configure SSH keys for a user:
1. Create a home directory on the host system (global container) with the same path as inside
the HP 9000 container. Change permissions of the home directory to 0755 and ownership
to the individual user.
2. Log in to the host system and create a $HOME/.ssh directory with 0700 permissions.
3. Log in to the client system (from where automatic login is to be allowed) and generate an ssh
key:
$ ssh-keygen -t dsa
4. Add the contents of $HOME/.ssh/id_dsa.pub on the client system to
$HOME/.ssh/authorized_keys on the target system (global container).
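The following check is an added example, not part of the HP guide: it audits the global-container directory layout that steps 1, 2 and 4 call for (home directory 0755 and owned by the user, .ssh at 0700, authorized_keys present). The function names and the write-bit test on authorized_keys are assumptions made here; the latter mirrors the StrictModes check in sshd.

```sh
#!/bin/sh
# Added example: verify the layout the steps above describe.
# Uses only ls and awk so it does not depend on a stat command.

# perms_of PATH: print the 10-character mode string (e.g. drwxr-xr-x)
perms_of() { ls -ld "$1" 2>/dev/null | awk '{print substr($1, 1, 10)}'; }

# owner_of PATH: print the owning user as reported by ls
owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3}'; }

# check_ssh_layout HOME_DIR USER
# Prints one line per finding; returns 0 if everything matches, 1 otherwise.
check_ssh_layout() {
    home=$1 user=$2 rc=0
    if [ "$(perms_of "$home")" != "drwxr-xr-x" ]; then
        echo "FAIL: $home must be a directory with mode 0755"; rc=1
    fi
    if [ "$(owner_of "$home")" != "$user" ]; then
        echo "FAIL: $home must be owned by $user"; rc=1
    fi
    if [ "$(perms_of "$home/.ssh")" != "drwx------" ]; then
        echo "FAIL: $home/.ssh must be a directory with mode 0700"; rc=1
    fi
    ak=$home/.ssh/authorized_keys
    if [ ! -f "$ak" ]; then
        echo "FAIL: $ak is missing"; rc=1
    else
        # Assumption: reject group/other write bits, as sshd StrictModes does.
        case $(perms_of "$ak") in
            -????-??-?) ;;
            *) echo "FAIL: $ak must not be group- or world-writable"; rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ] && echo "OK: $home matches the documented layout"
    return "$rc"
}
```

Run it in the global container as `check_ssh_layout <home-directory> <username>`; a non-zero exit status means at least one step was missed or a permission has drifted.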
8.5 Configuring mount and export points
This section describes how to configure file system mounts and exports with HP 9000 containers.