Another addition to svcbundle was the addition to set

  • user
  • group
  • privileges

to directly create manifests for SMF that didn’t need manual editing to adhere to the best practice that you should run services always at the least nescesarry privileges.

svcbundle -s service-name=site/narf \
 -s start-method="/lib/svc/method/narf %m" \
 -s stop-method="/lib/svc/method/narf %m" \
 -s refresh-method="/lib/svc/method/narf %m" \
 -s model=daemon \
 -s user=webserv \
 -s group=webgrp \
 -s privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'
            <method_credential user="webserv" group="webgrp"

Please keep in mind, that svcbundle doesn’t check if the user or group actually exists on your system, because most often you will create a manifest in development and the user and group on you production systems may be totally different ones.

Written by

Joerg Moellenkamp

Grey-haired, sometimes grey-bearded Windows dismissing Unix guy.