HP Integrity Virtual Machines 4.3: Installation, Configuration, Administration

ManualsBrandsHP ManualsSoftwareHP-UX vPars and Integrity VM v6

151

152

153

154

155

156

157

158

159

160

# useradd -d /var/opt/hpvm/guests/host1 \

-c 'host1 console' -s /opt/hpvm/bin/hpvmconsole host1

This example uses the following options:

• The -d option specifies the home directory for the host1 account.

• The -c option specifies a comment text string that describes the account.

• The -s option specifies the path for the shell of the new account.

2. Use the passwd command to set a password for the account. For example:

# passwd host1

3. Use the hpvmmodify command to provide the user with guest administration privileges:

#hpvmmodify -P winguest1 -u host1:admin

A guest administrator can now access the host1 virtual console by using the ssh command or

telnet command on the VM Host and logging in to the host1 account. The guest administrator

cannot use the su command.

NOTE: For security reasons, HP strongly recommends that you do not include /opt/hpvm/

bin/hpvmconsole, the virtual console image, in /etc/shells. Doing so opens two security

vulnerabilities:

• It allows ftp access to the account.

• It allows a general user to select the image with the chsh command.

The following is an example session of remote access to the host1 virtual console on the VM

Host myhost:

# telnet host1

Trying .xx.yy.zz...

Connected to host1.rose.com.

Escape character is '^]'.

HP-UX host B.11.23 U ia64 (ta)

Password:

Please wait...checking for disk quotas

MP MAIN MENU

CO: Console

CM: Command Menu

CL: Console Log

SL: Show Event Logs

VM: Virtual Machine Menu

HE: Main Help Menu

X: Exit Connection

[host1] vMP>

The virtual console interface displays raw characters for the CL and CO commands, including

the guest's attempts to query the console terminal for its type and characteristics. As a result, the

terminal answers those queries, which can cause the terminal setup communication to interfere

with the virtual console commands. Interactive users can clear the screen. However, this situation

can be a problem for noninteractive or scripted use of the console.

8.5.1 Administrator Account Names

The virtual console administrator name can be any valid HP-UX login name. To continue accessing

the virtual console, existing guest console accounts must be added to the authorization list for

8.5 Creating Guest Administrators and Operators 153