HP Integrity Virtual Machines Version 4.0 Release Notes > Chapter 6 Guest Administration

Creating Virtual Machine Administrator and Operator Accounts


In prior versions of Integrity VM, only admin console access is available, and only one such account per guest is allowed. The administrator account name must match the guest name. The new version of Integrity VM provides proper access controls and individual accountability for these accounts.

A captive virtual console account is a special-purpose user account created on the VM Host for each guest administrator. These types of user accounts use /opt/hpvm/bin/hpvmconsole for a shell, and the desired guest's per-guest directory for a home directory. For virtual console access, the account also requires a password, and access to its associated guest. You create this account with the hpvmcreate, hpvmclone, or hpvmmodify command. You can establish group membership of the account using the -g option to those commands, or user membership, using the -u option to those commands.

NOTE: Do not use the hpvmsys group for user accounts. This group is used for security isolation between components of Integrity VM.

The HP-UX useradd command might not work as expected. To create user accounts for virtual console access, use the useradd command before you create the virtual machine. Alternatively, specify the user account directory completely in the /etc/passwd file, ensuring the entry is unique.

In the following example, the useradd command is used to create three user accounts on the VM Host system (testme1, testme2, and testme3):

# useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \
> -c "Console access to guest 'testme'" \
> -d /var/opt/hpvm/guests/testme \
> testme1
# useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \
> -c "Console access to guest 'testme'" \
> -d /var/opt/hpvm/guests/testme \
> testme2
# useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \
> -c "Console access to guest 'testme'" \
> -d /var/opt/hpvm/guests/testme \
> testme3

The following command creates the virtual machine named testme:

# hpvmcreate -P testme -u testme1:admin -u testme2 -u testme3:oper

At this point, users testme2 and testme3 both have oper level access to the virtual console, and user testme1 has admin level access. In order to make these accounts usable, set passwords for them, as follows:

# passwd testme1
...
# passwd testme2
...
# passwd testme3
...

Because of the way the useradd command works, an attempt to create an additional account might result in an error. For example, the following command attempts and fails to add the testme4 user account:

# useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \
> -c "Console access to guest 'testme'" \
> -d /var/opt/hpvm/guests/testme \
> testme4
'/var/opt/hpvm/guests/testme' is not a valid directory

To enter the command correctly, include the entire directory path. For example:

# useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \
> -c "Console access to guest 'testme'" \
> -d /var/opt/hpvm/guests/testme/. \
> testme4
# hpvmmodify -P testme -u testme4
# passwd testme4

Note the addition of the /. to the end of the argument to the -d option, which ensures there is no confusion with HP-UX shared home directories.
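
A VM Host audit of the account properties described in this section, as an added example (not part of the HP release notes or of Integrity VM itself): the hypothetical function audit_console_accounts reads passwd-format and group-format files and flags hpvmconsole accounts whose home is not a per-guest directory, that belong to hpvmsys, or whose entry is not unique. The sample files, UIDs and GIDs below are constructed.

```shell
#!/bin/sh
# Usage: audit_console_accounts PASSWD_FILE GROUP_FILE
# Prints one "FLAG:<user>:<reason>" line per finding, nothing when clean.
audit_console_accounts() {
    awk -F: -v grp="$2" -v shell=/opt/hpvm/bin/hpvmconsole \
            -v guests=/var/opt/hpvm/guests/ '
        # Group file: remember the hpvmsys gid and its listed members.
        FILENAME == grp {
            if ($1 == "hpvmsys") {
                sysgid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        # Passwd file: only captive accounts (shell is hpvmconsole).
        $7 == shell {
            if (seen[$1]++) print "FLAG:" $1 ":duplicate passwd entry"
            home = $6
            sub(/\/\.$/, "", home)        # accept the trailing "/." form
            name = (index(home, guests) == 1) ? substr(home, length(guests) + 1) : ""
            if (name == "" || name == "." || name == ".." || name ~ /\//)
                print "FLAG:" $1 ":home is not a per-guest directory"
            if ((sysgid != "" && $4 == sysgid) || ($1 in member))
                print "FLAG:" $1 ":member of hpvmsys"
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real VM Host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/group" <<'EOF'
users::20:root
hpvmsys::101:badgrp
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
testme1:*:201:20:Console access to guest 'testme':/var/opt/hpvm/guests/testme:/opt/hpvm/bin/hpvmconsole
testme4:*:204:20:Console access to guest 'testme':/var/opt/hpvm/guests/testme/.:/opt/hpvm/bin/hpvmconsole
badhome:*:205:20::/home/badhome:/opt/hpvm/bin/hpvmconsole
badgrp:*:206:20::/var/opt/hpvm/guests/testme:/opt/hpvm/bin/hpvmconsole
EOF
audit_console_accounts "$demo_dir/passwd" "$demo_dir/group"
```

The audit checks only the fields visible in the two files; it does not verify that a password has been set or which access level hpvmcreate or hpvmmodify granted.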

© 2008 Hewlett-Packard Development Company, L.P.