This chapter discusses logging in to zones from the global zone.
The following topics are covered in this chapter:
For procedures and usage information, see Chapter 22, Logging In to Non-Global Zones (Tasks).
After you install a zone, you must log in to the zone to complete its application environment. You might log in to the zone to perform administrative tasks as well. Unless the -C option is used to connect to the zone console, logging in to a zone using zlogin starts a new task. A task cannot span two zones.
Only the zlogin command with the -C option can be used to log in to a zone that is not in the running state.
As described in How to Use Non-Interactive Mode to Access a Zone, you can use the zlogin command in non-interactive mode by supplying a command to run inside a zone. However, the command or any files the command acts upon cannot reside on NFS. The command will fail if any of its open files or any portion of its address space resides on NFS. The address space includes the command executable itself and the command's linked libraries.
The zlogin command can only be used by the global administrator operating in the global zone. See the zlogin(1) man page for more information.
After installation, the zone is in an unconfigured state. The zone does not have an internal configuration for naming services, its locale and time zone have not been set, and various other configuration tasks have not been performed. Therefore, the sysidtool programs are run the first time zone console login is used. For more information, see the sysidtool(1M) man page.
Two methods are available for performing the required configuration:
Zone console login, which initiates a series of questions from the system. Be prepared to respond to the following:
Type of terminal being used
Security policy (Kerberos or standard UNIX)
Naming service type (None is a valid response)
Naming service domain
Default time zone
The procedure is described in Performing the Initial Internal Zone Configuration.
An /etc/sysidcfg file, which you can create and place inside the zone before you boot the zone for the first time. See the sysidcfg(4) man page for more information.
This section describes the methods you can use to log in to a zone.
Each zone maintains a virtual console, /dev/console. Performing actions on the console is referred to as console mode. The zone console is closely analogous to a serial console on a system. Connections to the console persist across zone reboots. To understand how console mode differs from a login session such as telnet, see Remote Login.
The zone console is accessed by using the zlogin command with the -C option and the zonename. The zone does not have to be in the running state.
Processes inside the zone can open and write messages to the console. If the zlogin -C process exits, another process can then access the console.
To log in to the zone with a user name, use the zlogin command with the -l option, the user name, and the zonename. For example, the administrator of the global zone can log in as a normal user in the non-global zone by specifying the -l option to zlogin:
global# zlogin -l user zonename
To log in as user root, use the zlogin command without options.
If a login problem occurs and you cannot use the zlogin command or the zlogin command with the -C option to access the zone, an alternative is provided. You can enter the zone by using the zlogin command with the -S (safe) option. Only use this mode to recover a damaged zone when other forms of login are not succeeding. In this minimal environment, it might be possible to diagnose why the zone login is failing.
The ability to remotely log in to a zone is dependent on the selection of network services that you establish. By default, logins through rlogin, ssh, and telnet function normally. For more information about these commands, see rlogin(1), ssh(1), and telnet(1).
Two other methods for accessing the zone and for executing commands inside the zone are also provided by the zlogin command. These methods are interactive mode and non-interactive mode.
In interactive mode, a new pseudo-terminal is allocated for use inside the zone. Unlike console mode, in which exclusive access to the console device is granted, an arbitrary number of zlogin sessions can be open at any time in interactive mode. Interactive mode is activated when you do not include a command to be issued. Programs that require a terminal device, such as an editor, operate correctly in this mode.
Non-interactive mode is used to run shell-scripts which administer the zone. Non-interactive mode does not allocate a new pseudo-terminal. Non-interactive mode is enabled when you supply a command to be run inside the zone.