sun.com docs.sun.com My Sun Worldwide Sites

Previous Previous     Contents     Index     Next Next

Chapter 21

Non-Global Zone Login (Overview)

This chapter discusses logging in to zones from the global zone.

The following topics are covered in this chapter:

For procedures and usage information, see Chapter 22, Logging In to Non-Global Zones (Tasks).

For information about logging into lx branded zones, see Chapter 34, Logging In to lx Branded Zones (Tasks).

zlogin Command

After you install a zone, you must log in to the zone to complete its application environment. You might log in to the zone to perform administrative tasks as well. Unless the -C option is used to connect to the zone console, logging in to a zone using zlogin starts a new task. A task cannot span two zones.

The zlogin command is used to log in from the global zone to any zone that is in the running state or the ready state.


Note - Only the zlogin command with the -C option can be used to log in to a zone that is not in the running state.


As described in How to Use Non-Interactive Mode to Access a Zone, you can use the zlogin command in non-interactive mode by supplying a command to run inside a zone. However, the command or any files the command acts upon cannot reside on NFS. The command will fail if any of its open files or any portion of its address space resides on NFS. The address space includes the command executable itself and the command's linked libraries.

The zlogin command can only be used by the global administrator operating in the global zone. See the zlogin(1) man page for more information.

Internal Zone Configuration

After installation, the zone is in an unconfigured state. The zone does not have an internal configuration for naming services, its locale and time zone have not been set, and various other configuration tasks have not been performed. Therefore, the sysidtool programs are run the first time a zone is booted. For more information, see the sysidtool(1M) man page.

Two methods are available for performing the required configuration:

  • Zone console login, which initiates a series of questions from the system. Be prepared to respond to the following:

    • Language

    • Type of terminal being used

    • Host name

    • Security policy (Kerberos or standard UNIX)

    • Naming service type (None is a valid response)

    • Naming service domain

    • Name server

    • Default time zone

    • Root password

    The procedure is described in Performing the Initial Internal Zone Configuration.

  • An /etc/sysidcfg file, which you can create and place inside the zone before you boot the zone for the first time. See the sysidcfg(4) man page for more information.

Non-Global Zone Login Methods

This section describes the methods you can use to log in to a zone.

Zone Console Login

Each zone maintains a virtual console, /dev/console. Performing actions on the console is referred to as console mode. Console login to a zone is available when the zone is in the installed state. The zone console is closely analogous to a serial console on a system. Connections to the console persist across zone reboots. To understand how console mode differs from a login session such as telnet, see Remote Login.

The zone console is accessed by using the zlogin command with the -C option and the zonename. The zone does not have to be in the running state.

Processes inside the zone can open and write messages to the console. If the zlogin -C process exits, another process can then access the console.

User Login Methods

To log in to the zone with a user name, use the zlogin command with the -l option, the user name, and the zonename. For example, the administrator of the global zone can log in as a normal user in the non-global zone by specifying the -l option to zlogin:

global# zlogin -l user zonename

To log in as user root, use the zlogin command without options.

Failsafe Mode

If a login problem occurs and you cannot use the zlogin command or the zlogin command with the -C option to access the zone, an alternative is provided. You can enter the zone by using the zlogin command with the -S (safe) option. Only use this mode to recover a damaged zone when other forms of login are not succeeding. In this minimal environment, it might be possible to diagnose why the zone login is failing.

Remote Login

The ability to remotely log in to a zone is dependent on the selection of network services that you establish. By default, a non-global zone is installed with the limited networking configuration (/var/svc/profile/generic_limited_net.xml), and only the ssh login is enabled. Logins through rlogin and telnet can be added if needed, either by using the netservices command to switch the zone to the open networking configuration or by enabling the services using SMF.

For more information about changing the network profile or using SMF commands to add services to zones, see Switching the Non-Global Zone to a Different Network Service Configuration. For more information about login commands, see rlogin(1)ssh(1), and telnet(1)

Previous Previous     Contents     Index     Next Next
Company Info Contact Terms of Use Privacy Copyright 1994-2007 Sun Microsystems, Inc.