Alex Sherwin wrote:
Is
it possible to use create-service on Solaris as a non-root user?
I've tried adding the solaris.smf auths to my user such as "usermod -A
solaris.smf.* [my_user]" without luck, as well as following the
instructions in the "Restricting Service Administration in the Solaris
10 Operating System" guide 819-2887.pdf, which has you create a role
for the "Service Management" and assign the role to the user, which I
have done as well, to no avail.
I see this error when I try to run the command as non-root:
-bash-3.00$ asadmin create-service --passwordfile
/export/home/[my_user]/domains/[my_domain]/config/service.passwd
--serviceproperties net_privaddr
/export/home/[my_user]/domains/[my_domain]
The user [[my_user]] does not have permission to create the service
manifest related files and directories at
[/var/svc/manifest/application/SUNWappserver/]. This structure is
required per SMF guidelines. Either become super-user to do this
operation or contact the System Administrator to explicitly get the
relevant permissions and try again.
The solaris.smf privileges only give you permissions to modify the smf
services via the smf tools - they don't grant the ability to write to
root-owned directories.... and you probably don't want to grant the
additional privileges to allow a user to be able to ignore the file
permission bits without careful thought. As the error suggests,
running the asadmin command as root is the best course of action.
In the asadmin create-service --help information it does state:
To run this command, you must have solaris.smf.*
authoriza-
tion. See the useradd and usermod manpages to find out how
to set the authorizations. It is also essential for the
users to have write permission in the directory tree:
/var/svc/manifest/application/SUNWappserver. Usually, the
super-user has both these permissions. If one wishes to run
these commands as non-root user, then the system administra-
tor must be contacted so that the relevant authorizations
are granted.
You need to also ensure that:
o Solaris 10 administration commands such as svccfg,
svcs, and auths are available in the PATH, so that
these commands can be executed. A simple test to do
so is to issue the command, which svccfg on a bash
shell.
o You should have write permission for the path,
/var/svc/manifest/application.
An intermediate solution is to pre-create the
/var/svc/manifest/application/SUNWappserver directory, make it owned by
root and put it into the same group as your user, then chmod the
SUNWappserver directory so its group-writable.
Regards,
Steve
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net