HP-UX vPars and Integrity VM V6.3 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Integrity Virtual Machines Host Per Core License LTU

221

222

223

224

225

226

227

228

229

230

The following command creates the VM named testme with the administrator named testme1:

# hpvmcreate -P testme -u testme1:admin

Guest operators and administrators need access to the hpvmconsole command to control the

VM. If you do not want the same users to have access to the VSP, you can restrict use of the

hpvmconsole command to only guest console access by creating a restricted account for that

purpose. To do so:

1. Use the useradd command and set up an /etc/passwd entry for each guest on the VSP.

The user name of the account must be the same as the guest name, and must have no more

than eight characters. For example:

# useradd -d /var/opt/hpvm/guests/host1 \

-c 'host1 console' -s /opt/hpvm/bin/hpvmconsole host1

This example uses the following options:

• The -d option specifies the home directory for the host1 account.

• The -c option specifies a comment text string that describes the account.

• The -s option specifies the path for the shell of the new account.

2. Use the passwd command to set a password for the account. For example:

# passwd host1

3. Use the hpvmmodify command to provide the user with guest administration privileges:

# hpvmmodify -P winguest1 -u host1:admin

A guest administrator can now access the host1 virtual console by using the ssh command or

telnet command on the VSP and logging in to the host1 account. The guest administrator

cannot use the su command.

NOTE: For security reasons, HP strongly recommends that you do not include /opt/hpvm/bin/

hpvmconsole, the virtual console image, in /etc/shells. Doing so opens two security

vulnerabilities:

• It allows ftp access to the account.

• It allows a general user to select the image with the chsh command.

The following is an example session of remote access to the host1 virtual console on the VSP

myhost:

# telnet host1

Trying .xx.yy.zz...

Connected to host1.rose.com.

Escape character is '^]'.

HP-UX host B.11.31 U ia64 (ta)

Password:

Please wait...checking for disk quotas

MP MAIN MENU

CO: Console

CM: Command Menu

CL: Console Log

SL: Show Event Logs

VM: Virtual Machine Menu

HE: Main Help Menu

X: Exit Connection

226 Managing vPars and VMs using CLI