Re: [discuss] user_attr.d

Tue, 08 Apr 2014 06:02:02 -0700 

On Tue, Apr 8, 2014 at 12:41 PM, Gabriele Bulfon <[email protected]>wrote:

> Oh yes, just a typo .....now it works.
>
> So now, what if I want to add a specific service management?
>
> I tried adding a lightdm file in /etc/security/auth_attr.d
>
> solaris.smf.manage.lightdm:::Manage LightDM service
> states::help=ManageLightDM.html
> solaris.smf.modify.lightdm:::Modify LightDM service
> states::help=ModifyLightDM.html
>
> then give these two specific permission in /etc/user_attr.d/lightdm,
> refreshed rbac,
> su - lightdm, auths shows correct auths, but svcadm gives no premission to
> disable lightdm.....
>
>
You need to explicitly allow the specific authorizations in the service's
SMF manifest.

                <property_group name='general' type='framework'>

                        <!-- allow user administration -->

                        <propval name='action_authorization' type='astring'

                                value='solaris.smf.manage.lightdm'/>

                        <propval name='value_authorization' type='astring'

                                value='solaris.smf.modify.lightdm'/>

                </property_group>


(That goes at the same level as the exec_method.)



>
> ----------------------------------------------------------------------------------
>
> Da: Alexander Pyhalov <[email protected]>
> A: [email protected]
> Cc: Gabriele Bulfon <[email protected]>
> Data: 8 aprile 2014 13.19.19 CEST
> Oggetto: Re: [discuss] user_attr.d
>
> On 04/08/2014 15:13, Gabriele Bulfon wrote:
> > Actually also just having that line in user_attr doesn't let it
> disable/enable through svcadm.
> > But it lets shutdown through dbus send at Hal Shutdown.
> > Maybe
> > solaris.smf.modify,solaris.smf.manage are not the correct strings?
>
> I've checked, it worked for me.
>
> $ /usr/bin/auths
>
> solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read,solaris.smf.manage,solaris.smf.modify
> $ pfexec /usr/sbin/svcadm restart apache24
>
> ...
>
> --
> Best regards,
> Alexander Pyhalov,
> system administrator of Computer Center of Southern Federal University
>
>
> *illumos-discuss* | 
> Archives<https://www.listbox.com/member/archive/182180/=now>
> <https://www.listbox.com/member/archive/rss/182180/21175722-010faa19> |
> Modify<https://www.listbox.com/member/?&;>Your Subscription
> <http://www.listbox.com>
>



-- 
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/



-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4
Powered by Listbox: http://www.listbox.com

Reply via email to