This chapter discusses logging in to zones from the global zone.
The following topics are covered in this chapter:
For procedures and usage information, see Chapter 21, Logging In to Non-Global Zones (Tasks).
For information about logging into lx branded zones, see Chapter 34, Logging In to lx Branded Zones (Tasks).
After you install a zone, you must log in to the zone to complete its application environment. You might log in to the zone to perform administrative tasks as well. Unless the -C option is used to connect to the zone console, logging in to a zone using zlogin starts a new task. A task cannot span two zones.
The zlogin command is used to log in from the global zone to any zone that is in the running state or the ready state.
Only the zlogin command with the -C option can be used to log in to a zone that is not in the running state.
As described in How to Use Non-Interactive Mode to Access a Zone, you can use the zlogin command in non-interactive mode by supplying a command to run inside a zone. However, the command or any files the command acts upon cannot reside on NFS. The command will fail if any of its open files or any portion of its address space resides on NFS. The address space includes the command executable itself and the command's linked libraries.
The zlogin command can only be used by the global administrator operating in the global zone. See the zlogin(1) man page for more information.
After installation, the zone is in an unconfigured state. The zone does not have an internal configuration for naming services, its locale and time zone have not been set, and various other configuration tasks have not been performed. Therefore, the sysidtool programs are run the first time a zone is booted. For more information, see the sysidtool(1M) man page.
Two methods are available for performing the required configuration:
Zone console login, which initiates a series of questions from the system. Be prepared to respond to the following:
Type of terminal being used
Security policy (Kerberos or standard UNIX)
Naming service type (None is a valid response)
Naming service domain
Default time zone
The procedure is described in Performing the Initial Internal Zone Configuration.
An /etc/sysidcfg file, which you can create and place inside the zone before you boot the zone for the first time. See the sysidcfg(4) man page for more information.
This section describes the methods you can use to log in to a zone.
Each zone maintains a virtual console, /dev/console. Performing actions on the console is referred to as console mode. Console login to a zone is available when the zone is in the installed state. The zone console is closely analogous to a serial console on a system. Connections to the console persist across zone reboots. To understand how console mode differs from a login session such as telnet, see Remote Login.
The zone console is accessed by using the zlogin command with the -C option and the zonename. The zone does not have to be in the running state.
Processes inside the zone can open and write messages to the console. If the zlogin -C process exits, another process can then access the console.
To log in to the zone with a user name, use the zlogin command with the -l option, the user name, and the zonename. For example, the administrator of the global zone can log in as a normal user in the non-global zone by specifying the -l option to zlogin:
global# zlogin -l user zonename
To log in as user root, use the zlogin command without options.
If a login problem occurs and you cannot use the zlogin command or the zlogin command with the -C option to access the zone, an alternative is provided. You can enter the zone by using the zlogin command with the -S (safe) option. Only use this mode to recover a damaged zone when other forms of login are not succeeding. In this minimal environment, it might be possible to diagnose why the zone login is failing.
The ability to remotely log in to a zone is dependent on the selection of network services that you establish. By default, a non-global zone is installed with the limited networking configuration (/var/svc/profile/generic_limited_net.xml), and only the ssh login is enabled. Logins through rlogin and telnet can be added if needed, either by using the netservices command to switch the zone to the open networking configuration or by enabling the services using SMF.
For more information about changing the network profile or using SMF commands to add services to zones, see Switching the Non-Global Zone to a Different Networking Service Configuration. For more information about login commands, see rlogin(1), ssh(1), and telnet(1)
Two other methods for accessing the zone and for executing commands inside the zone are also provided by the zlogin command. These methods are interactive mode and non-interactive mode.
In interactive mode, a new pseudo-terminal is allocated for use inside the zone. Unlike console mode, in which exclusive access to the console device is granted, an arbitrary number of zlogin sessions can be open at any time in interactive mode. Interactive mode is activated when you do not include a command to be issued. Programs that require a terminal device, such as an editor, operate correctly in this mode.
Non-interactive mode is used to run shell-scripts which administer the zone. Non-interactive mode does not allocate a new pseudo-terminal. Non-interactive mode is enabled when you supply a command to be run inside the zone.