HP Integrity Virtual Machines: Installation, Configuration, and Administration > Chapter 8 Managing Guests

Creating Guest Administrators and Operators


Integrity VM provides secure access to guest consoles. When you create the guest, you can specify the group account or user account that will have guest administration privileges. These users are allowed to log in to the guest under their own user accounts and to use the hpvmconsole command to perform system administration tasks on the guest virtual machine.

The types of console users are specified as admin and oper. Use the hpvmcreate, hpvmmodify, and hpvmclone commands with the -g and -u options to assign administrator and operator privileges. The user name for the guest administrator account must be the same as the virtual machine name. Therefore, the guest admin account for virtual machine compass1 must have the user name compass1.

You cannot use the su command to change from one privilege level to another. Per-user checks are based on login account identifiers, not UUIDs.

Guest operators and administrators need access to the hpvmconsole command to control the virtual machine. If you do not want the same users to have access to the VM Host, you can restrict use of the hpvmconsole command to guest console access only by creating a restricted account for that purpose. To do so, follow these steps:

  1. Using the useradd command, set up an /etc/passwd entry for each guest on the VM Host. The user name of the account must be the same as the guest name and must have no more than 8 characters. For example:

    # useradd -d /var/opt/hpvm/guests/compass1 -c 'compass1 console' -s /opt/hpvm/bin/hpvmconsole guest1

    This example uses the following options:

    • -d specifies the home directory for the guest1 account.

    • -c specifies a comment text string that describes the account.

    • -s specifies the path for the shell of the new account.

  2. Use the passwd command to set a password for the account. For example:

    # passwd guest1

A guest administrator can now access the compass1 virtual console by using the ssh command or telnet command on the VM Host and logging in to the compass1 account. The guest administrator cannot use the su command.

NOTE: For security reasons, HP strongly recommends that you do not include /opt/hpvm/bin/hpvmconsole, the virtual console image, in /etc/shells. Doing so opens two security vulnerabilities:
  • It allows ftp access to the account.

  • It allows a general user to select the image with the chsh command.
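
The rules above (console image as the account's shell, user name equal to the guest name and no longer than 8 characters, a password set, and no /etc/shells entry for the console image) can be checked after the accounts are created. The following sh function is an added example, not part of HP's documentation; the function names, the FAIL/OK output format, and the sample passwd entries are constructed for illustration, and the guest names are assumed to be supplied by the operator as arguments.

```shell
#!/bin/sh
# Added example (not HP's code): audit the restricted console accounts.
HPVMCONSOLE=/opt/hpvm/bin/hpvmconsole   # path given on the page

# usage: audit_hpvm_console PASSWD_FILE SHELLS_FILE [GUEST_NAME ...]
# Prints one FAIL line per finding and one OK line per clean console account.
audit_hpvm_console() {
    passwd_file=$1 shells_file=$2
    shift 2
    guests=" $* "

    # The console image must not be listed as a valid login shell:
    # listing it allows ftp access and lets users pick it with chsh.
    if grep -v '^[[:space:]]*#' "$shells_file" 2>/dev/null |
        grep -qx "[[:space:]]*$HPVMCONSOLE[[:space:]]*"; then
        echo "FAIL shells: $HPVMCONSOLE is listed in $shells_file"
    fi

    # Check every account whose login shell is the console image.
    awk -F: -v sh="$HPVMCONSOLE" -v guests="$guests" '
        $7 != sh { next }
        {
            bad = 0
            if (length($1) > 8) { print "FAIL name: " $1 " is longer than 8 characters"; bad = 1 }
            if (guests != "  " && index(guests, " " $1 " ") == 0) {
                print "FAIL name: " $1 " does not match a guest name"; bad = 1 }
            if ($2 == "") { print "FAIL password: " $1 " has no password set"; bad = 1 }
            if (!bad) print "OK account: " $1 " (home " $6 ")"
        }' "$passwd_file"
}

# Constructed sample data, so the audit can be tried off the VM Host.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:3::/:/sbin/sh
compass1:x:201:20:compass1 console:/var/opt/hpvm/guests/compass1:/opt/hpvm/bin/hpvmconsole
guest1:x:202:20:compass2 console:/var/opt/hpvm/guests/compass2:/opt/hpvm/bin/hpvmconsole
longguestname::203:20::/var/opt/hpvm/guests/longguestname:/opt/hpvm/bin/hpvmconsole
EOF
    printf '%s\n' /sbin/sh /usr/bin/ksh "$HPVMCONSOLE" > "$d/shells"
    audit_hpvm_console "$d/passwd" "$d/shells" compass1 compass2 longguestname
    rm -rf "$d"
}
demo_audit
```

On a VM Host, call audit_hpvm_console /etc/passwd /etc/shells followed by the names of the guests; with no guest names given, the name-match check is skipped.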

The following is an example session of remote access to the compass1 virtual console on the VM Host myhost:

# telnet compass1

Trying 16.xx.yy.zz...
Connected to compass1.rose.com.
Escape character is '^]'.

HP-UX compass B.11.23 U ia64 (ta)

login: guest1
Password: 
Please wait...checking for disk quotas


   MP MAIN MENU

         CO: Console
         CM: Command Menu
         CL: Console Log
         SL: Show Event Logs
         VM: Virtual Machine Menu
         HE: Main Help Menu
          X: Exit Connection

[compass1] vMP>

The virtual console interface displays raw characters for the CL and CO commands, including the guest's attempts to query the console terminal for its type and characteristics. As a result, the terminal answers those queries, which can cause the terminal setup communication to interfere with the virtual console commands. Interactive users can clear the screen. This situation can be a problem, however, for noninteractive or scripted use of the console.

© 2006 Hewlett-Packard Development Company, L.P.