Man pages sections > man8 > iucvtty

iucvtty - allow remote logins over z/VM IUCV

iucvtty(8) IUCV terminal applications iucvtty(8)

NAME

iucvtty - allow remote logins over z/VM IUCV

SYNOPSIS

iucvtty [-h|--help]
 
iucvtty [-v|--version]
 
iucvtty [-a|--allow-from regex] terminal_id [-- login_program [login_options]]

DESCRIPTION

The iucvtty application provides full-screen terminal access to a Linux instance running as a z/VM guest operating system. The iucvconn application is used to connect to a running iucvtty instance.
 
The terminal connection is based on the z/VM Inter-User Communication Vehicle (IUCV). z/VM IUCV establishes a communication path between two z/VM guest virtual machines on the same z/VM instance. Because z/VM IUCV is independent from TCP/IP, Linux instances with no external network can be accessed.
 
terminal_id identifies the z/VM IUCV connection and is similar to a port number in TCP/IP communications. terminal_id is case-sensitive and consists of up to 8 alphanumeric characters. It must be specified as a parameter in connection requests against a iucvtty instance.
 
When a connection is established, iucvtty starts a login program. When the login program ends, iucvtty also exits. Consider an inittab(5) entry to ensure that iucvtty is restarted and ready for the next terminal session.

OPTIONS

-h, --help
Display a short help text and exit.
-v, --version
Display the version number of iucvtty, then exit.
-a, --allow-from regex
Limit permissions for incoming connections to z/VM user IDs that match the regular expression regex. The connection is refused if the ID does not match. If this parameter is omitted, connections are permitted from any z/VM user ID.
login_program
login_program specifies the absolute path to the login program to be started when a connection is established. The default is /bin/login(1).
 
The login_program must be separated by two dashes (--).
login_options
Depending on the particular login program used, login_options specifies additional options.

EXAMPLES

To allow remote logins using the terminal identifier "lnxterm":

iucvtty lnxterm

 
To only allow users from LNXSYS01 to connect to terminal "lnxterm":

iucvtty -a LNXSYS01 lnxterm

 
To only allow users from LNXSYS10 through LNXSYS19 to connect to terminal "lnxterm":

iucvtty -a "LNXSYS1[0-9]" lnxterm

 
To use /sbin/sulogin instead of /bin/login for terminal "suterm":

iucvtty suterm -- /sbin/sulogin

 
An entry in /etc/inittab to facilitate user logins on terminal "lnxterm" with /bin/login could be:

t1:2345:respawn:/sbin/iucvtty lnxterm

 
An entry in /etc/inittab to facilitate user logins on terminal "suterm" with /sbin/sulogin in single user mode could be:

s1:S:respawn:/sbin/iucvtty suterm -- /sbin/sulogin

DIAGNOSTICS

If the Linux kernel does not include kernel support for the AF_IUCV network addressing family, iucvtty exits and displays the message 'AF_IUCV address family is not available: Address family not supported by protocol'.

SECURITY

Linux

The iucvtty program can be used by regular users. Depending on the particular login program, iucvtty must be started with superuser privileges for user authentication and authorization. For instance, /bin/login requires superuser privileges and, thus, regular users must use a different login program.
 
Each connection attempt is logged to the authpriv syslog facility.
 
iucvtty uses pseudo-terminal (pts) devices to communicate with the login program. For security reasons, some login programs, like /bin/login, do not permit root logins on pseudo-terminal devices (see also /etc/securetty(5)).
 
To permit root logins, consider using HVC terminal devices that are provided by the z/VM IUCV hypervisor console (HVC) device driver.

z/VM guest virtual machine

See the af_iucv(7) manual page for details about IUCV authorizations.

SEE ALSO

iucvconn(1), login(1), pts(4), regex(7), securetty(5), af_iucv(7), hvc_iucv(9)
March 2009 s390-tools