Current File : //usr/man/man1/zlogin.1

'\" te
.\" Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights
.\"     reserved.
.TH zlogin 1 "18 Sep 2015" "SunOS 5.11" "User Commands"
.SH NAME
zlogin \- enter a zone
.SH SYNOPSIS
.LP
.nf
\fBzlogin\fR [\fB-dCETU\fR] [\fB-e\fR \fIc\fR] [\fB-l\fR \fIusername\fR] \fIzonename\fR
.fi

.LP
.nf
\fBzlogin\fR [\fB-ESTU\fR] [\fB-e\fR \fIc\fR] [\fB-l\fR \fIusername\fR] \fIzonename\fR \fIutility\fR 

     [\fIargument\fR]...
.fi

.SH DESCRIPTION
.sp
.LP
The \fBzlogin\fR utility is used to enter an operating system zone. Only a user operating in the global system zone can use this utility, and it must be executed with all privileges. In addition, the user must be authorized to use specific options described in the \fBOPTIONS\fR section.
.sp
.LP
\fBzlogin\fR checks for authorization strings which optionally include the specified \fBzonename\fR as a suffix, preceded by the slash character. When omitted, the authorization matches any zone.
.sp
.LP
\fBzlogin\fR operates in one of three modes:
.sp
.ne 2
.mk
.na
\fBInteractive Mode\fR
.ad
.RS 24n
.rt  
If no utility argument is given and the stdin file descriptor for the \fBzlogin\fR process is a tty device, \fBzlogin\fR operates in \fBinteractive mode\fR. In this mode, \fBzlogin\fR creates a new pseudo terminal for use within the login session. Programs requiring a tty device, for example, \fBvi\fR(1), work properly in this mode. In this mode, \fBzlogin\fR invokes \fBlogin\fR(1) to provide a suitable login session.
.RE

.sp
.ne 2
.mk
.na
\fBNon-Interactive Mode\fR
.ad
.RS 24n
.rt  
If a utility is specified, \fBzlogin\fR operates in \fBnon-interactive mode\fR. This mode can be useful for script authors since \fBstdin\fR, \fBstdout\fR, and \fBstderr\fR are preserved and the exit status of \fIutility\fR is returned upon termination. In this mode, \fBzlogin\fR invokes \fBsu\fR(1M) in order to set up the user's environment and to provide a login environment.
.sp
The specified command is passed as a string and interpreted by a shell running in the non-global zone. See \fBrsh\fR(1).
.RE

.sp
.ne 2
.mk
.na
\fBConsole Mode\fR
.ad
.RS 24n
.rt  
If the \fB-C\fR option is specified, the user is connected to the zone console device and \fBzlogin\fR operates in \fBconsole mode\fR. The zone console is available once the zone is in the installed state. Connections to the console are persistent across reboot of the zone.
.RE

.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.mk
.na
\fB\fB-C\fR\fR
.ad
.RS 15n
.rt  
Connects to the zone console. Access to the zone console requires the authorization \fBzone.manage/\fIzonename\fR\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-d\fR\fR
.ad
.RS 15n
.rt  
If the zone halts, disconnect from the console.  This option can only be specified along with \fB-C\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-e\fR \fIc\fR\fR
.ad
.RS 15n
.rt  
Specifies a different escape character, \fIc\fR, for the key sequence used to access extended functions and to disconnect from the login. The default escape character is the tilde (\fB~\fR).
.RE

.sp
.ne 2
.mk
.na
\fB\fB-E\fR\fR
.ad
.RS 15n
.rt  
Disables the ability to access extended functions or to disconnect from the login by using the escape sequence character.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-l\fR \fIusername\fR\fR
.ad
.RS 15n
.rt  
Specifies a different \fIusername\fR for the zone login. If you do not use this option, the zone username used is \fBroot\fR. This option is invalid if the \fB-C\fR option is specified.
.sp
The username must be valid in the zone. For interactive logins the authorization \fBsolaris.zone.login/\fIzonename\fR\fR is required, and password authentication takes place in the zone. For non-interactive logins, or to bypass password authentication, the authorization \fBsolaris.zone.manage/\fIzonename\fR\fR is required.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-S\fR\fR
.ad
.RS 15n
.rt  
\fBSafe\fR login mode. \fBzlogin\fR does minimal processing and does not invoke \fBlogin\fR(1) or \fBsu\fR(1M). The zone username is set to \fBroot\fR. The \fB-S\fR option cannot be used if a username is specified through the \fB-l\fR option, and cannot be used with console logins. This mode should only be used to recover a damaged zone when other forms of login have become impossible.
.sp
Use of this option requires the authorization \fBsolaris.zone.manage/\fIzonename\fR\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-T\fR\fR
.ad
.RS 15n
.rt  
Enters an immutable zone as a "Trusted Path Domain" member. This session can modify files which are normally immutable. Such processes cannot read unprotected files. The \fB-T\fR option cannot be used with console login.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-U\fR\fR
.ad
.RS 15n
.rt  
Similar to  \fB-T\fR option, but turns on "unsafe" mode.
.RE

.SS "Escape Sequences"
.sp
.LP
Lines that you type that start with the tilde character (\fB~\fR) are "escape sequences". The escape character can be changed using the \fB-e\fR option.
.sp
.ne 2
.mk
.na
\fB\fB~.\fR\fR
.ad
.RS 6n
.rt  
Disconnects from the zone. This is not the same as a logout, because the local host breaks the connection with no warning to the zone's end.
.RE

.SH SECURITY
.sp
.LP
Once a process has been placed in a zone other than the global zone, the process cannot change zone again, nor can any of its children.
.SH OPERANDS
.sp
.LP
The following operands are supported:
.sp
.ne 2
.mk
.na
\fB\fIzonename\fR\fR
.ad
.RS 15n
.rt  
The name of the zone to be entered.
.RE

.sp
.ne 2
.mk
.na
\fB\fIutility\fR\fR
.ad
.RS 15n
.rt  
The utility to be run in the specified zone.
.RE

.sp
.ne 2
.mk
.na
\fB\fIargument...\fR\fR
.ad
.RS 15n
.rt  
Arguments passed to the utility.
.RE

.SH ENVIRONMENT VARIABLES
.sp
.LP
\fBzlogin\fR normally sets the following environment variables:
.sp
.ne 2
.mk
.na
\fB\fBLANG\fR, \fBLC_ALL\fR, \fBLC_COLLATE\fR, \fBLC_CTYPE\fR,\fR
.ad
.br
.na
\fB\fBLC_MESSAGES\fR, \fBLC_MONETARY\fR, \fBLC_NUMERIC\fR, \fBLC_TIME\fR\fR
.ad
.sp .6
.RS 4n
The values of these environment variables can be set according to the locale settings on the client side.
.RE

.SH EXIT STATUS
.sp
.LP
In interactive and non-interactive modes, the \fBzlogin\fR utility exits when the command or shell in the non-global zone exits. In non-interactive mode, the exit status of the remote program is returned as the exit status of \fBzlogin\fR. In interactive mode and console login mode, the exit status is not returned. \fBzlogin\fR returns a \fB0\fR exit status as long as no connection-related error occurred.
.sp
.LP
In all modes, in the event that a connection to the zone cannot be established, the connection fails unexpectedly, or the user is lacking sufficient privilege to perform the requested operation, \fBzlogin\fR exits with status \fB1\fR.
.sp
.LP
To summarize, the following exit values are returned:
.sp
.ne 2
.mk
.na
\fB\fB0\fR\fR
.ad
.RS 7n
.rt  
Successful entry.
.RE

.sp
.ne 2
.mk
.na
\fB\fB1\fR\fR
.ad
.RS 7n
.rt  
Permission denied, or failure to enter the zone.
.RE

.sp
.ne 2
.mk
.na
\fBAny\fR
.ad
.RS 7n
.rt  
Return code from utility, or from \fBsu\fR(1M) if operating in non-interactive mode.
.sp
In a \fBsolaris-kz\fR brand zone, a non-console login is implemented by creating a new terminal driver instance, and starting a stub process called 'zvlogin' which spawns the shell as needed. The zone must therefore be booted to a certain point (such that the svc:/system/sysevent:default service is running) for zlogin to work. In all other respects, the visible behavior is the same.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilitysystem/zones
_
Interface StabilityCommitted
.TE

.SH SEE ALSO
.sp
.LP
\fBlogin\fR(1), \fBrsh\fR(1), \fBvi\fR(1), \fBsu\fR(1M), \fBzoneadm\fR(1M), \fBzonecfg\fR(1M), \fBattributes\fR(5), \fBtpd\fR(5), \fBzones\fR(5)
.SH NOTES
.sp
.LP
\fBzlogin\fR fails if its open files or any portion of its address space corresponds to an NFS file. This includes the executable itself or the shared libraries.