Solaris

Even more new options for svcbundle

Joerg Moellenkamp
Joerg Moellenkamp

Another addition to svcbundle was the addition to set

  • user
  • group
  • privileges

to directly create manifests for SMF that didn’t need manual editing to adhere to the best practice that you should run services always at the least nescesarry privileges.

svcbundle -s service-name=site/narf \
 -s start-method="/lib/svc/method/narf %m" \
 -s stop-method="/lib/svc/method/narf %m" \
 -s refresh-method="/lib/svc/method/narf %m" \
 -s model=daemon \
 -s user=webserv \
 -s group=webgrp \
 -s privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'
[..]
        <method_context>
            <method_credential user="webserv" group="webgrp"
                privileges="basic,!proc_session,!proc_info,!file_link_any,net_privaddr"
            />
        </method_context>

Please keep in mind, that svcbundle doesn’t check if the user or group actually exists on your system, because most often you will create a manifest in development and the user and group on you production systems may be totally different ones.

Joerg Moellenkamp
Written by

Joerg Moellenkamp

Grey-haired, sometimes grey-bearded Windows dismissing Unix guy.

You may also like...

Solaris

Solaris 11.4 SRU 60: Sample separation in iostat

As i had quite a fight with a larger IKEA PAX closet for my bedroom, i hadn't quite the time to complete the ZFS retention article so far. Thus today a small...

Solaris

Solaris 11.4 SRU 66: Precision of logfile timestamps

Another rather small change that was introduces to Solaris 11 in SRU 66. Up to SRU65 the precision of the timestamps in the logfile was seconds. Jul 5...

Solaris

Solaris 11.4 SRU 57: Why did you reboot the system?

Yet another small addition to Solaris 11.4. This one was released with SRU 57. `reboot`, `shutdown` and `poweroff` got a new option. With `-c` you can now s...