HP vPars and Integrity Virtual Machines V6.1 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP-UX Virtual Partitions (vPars) Software

171

172

173

174

175

176

177

178

179

180

1. Using the useradd command, set up an /etc/passwd entry for each guest on the VSP. The

user name of the account must be the same as the guest name and must have no more than

8 characters. For example:

# useradd -d /var/opt/hpvm/guests/host1 \

-c 'host1 console' -s /opt/hpvm/bin/hpvmconsole host1

This example uses the following options:

• The -d option specifies the home directory for the host1 account.

• The -c option specifies a comment text string that describes the account.

• The -s option specifies the path for the shell of the new account.

2. Use the passwd command to set a password for the account. For example:

# passwd host1

3. Use the hpvmmodify command to provide the user with guest administration privileges:

#hpvmmodify -P winguest1 -u host1:admin

A guest administrator can now access the host1 virtual console by using the ssh command or

telnet command on the VSP and logging in to the host1 account. The guest administrator

cannot use the su command.

NOTE: For security reasons, HP strongly recommends that you do not include /opt/hpvm/bin/

hpvmconsole, the virtual console image, in /etc/shells. Doing so opens two security

vulnerabilities:

• It allows ftp access to the account.

• It allows a general user to select the image with the chsh command.

The following is an example session of remote access to the host1 virtual console on the VSP

myhost:

# telnet host1

Trying .xx.yy.zz...

Connected to host1.rose.com.

Escape character is '^]'.

HP-UX host B.11.31 U ia64 (ta)

Password:

Please wait...checking for disk quotas

MP MAIN MENU

CO: Console

CM: Command Menu

CL: Console Log

SL: Show Event Logs

VM: Virtual Machine Menu

HE: Main Help Menu

X: Exit Connection

[host1] vMP>

The virtual console interface displays raw characters for the CL and CO commands, including the

guest's attempts to query the console terminal for its type and characteristics. As a result, the

terminal answers those queries, which can cause the terminal setup communication to interfere

with the virtual console commands. Interactive users can clear the screen. However, this situation

can be a problem for noninteractive or scripted use of the console.

11.5 Creating guest administrators and operators 175