Solaris

Even more new options for svcbundle

Joerg Moellenkamp
Joerg Moellenkamp

Another addition to svcbundle was the addition to set

  • user
  • group
  • privileges

to directly create manifests for SMF that didn’t need manual editing to adhere to the best practice that you should run services always at the least nescesarry privileges.

svcbundle -s service-name=site/narf \
 -s start-method="/lib/svc/method/narf %m" \
 -s stop-method="/lib/svc/method/narf %m" \
 -s refresh-method="/lib/svc/method/narf %m" \
 -s model=daemon \
 -s user=webserv \
 -s group=webgrp \
 -s privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'
[..]
        <method_context>
            <method_credential user="webserv" group="webgrp"
                privileges="basic,!proc_session,!proc_info,!file_link_any,net_privaddr"
            />
        </method_context>

Please keep in mind, that svcbundle doesn’t check if the user or group actually exists on your system, because most often you will create a manifest in development and the user and group on you production systems may be totally different ones.

Joerg Moellenkamp
Written by

Joerg Moellenkamp

Grey-haired, sometimes grey-bearded Windows dismissing Unix guy.

You may also like...

Solaris

Solaris 11.4 support available until at least 2037

There is an important note in footnote 7 on page 40 of the ["Oracle and Sun System Software and Operating Systems - Oracle Lifetime Support Policy"](https://...

Solaris

Rest in peace, Joerg Schilling

Just saw the notification that Joerg Schilling, the creator of the cdrtools and Schillix (and many other tools), passed away this Sunday. He was one of the w...

Solaris

Additional information for your zone configuration.

Sometimes it's useful to enrich your zone configuration with some additional data, so someone can look into the zone config and know for example who is respo...