As i wrote yesterday, there is an alternate way to configure zone console access. Let’s assume we want to give the user junior the authorization to access the zone console of playground. Yesterday we removed the configuration at the end allowing junior to do so.

root@solaris:~# su - junior
junior@solaris:~$ auths
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read
junior@solaris:~$ profiles
Basic Solaris User
All

You can use the zonecfg to give the nescessary authorizations as well.

root@solaris:~# zonecfg -z playground
zonecfg:playground> add admin
zonecfg:playground:admin> set user=junior
zonecfg:playground:admin> set auths=console
zonecfg:playground:admin> end
zonecfg:playground> commit
zonecfg:playground> exit

Let’s try to open a zone console:

junior@solaris:~$ pfexec zlogin -C playground
[Connected to zone 'playground' console]

playground console login:

How does this work? Well, it just does the same as i wrote yesterday. It adds an authorization and a rights profile. You just use a different mechanism to do so.

root@solaris:~# su - junior
junior@solaris:~$ auths
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read,solaris.zone.console/playground
junior@solaris:~$ profiles
Zone Console
Basic Solaris User
All
junior@solaris:~$
Written by

Joerg Moellenkamp

Grey-haired, sometimes grey-bearded Windows dismissing Unix guy.