Yes, sure, I figured it out :) Thanks! Gabriele. Da: Peter Tribble A: discuss Cc: Alexander Pyhalov Data: 8 aprile 2014 15.00.50 CEST Oggetto: Re: [discuss] user_attr.d On Tue, Apr 8, 2014 at 12:41 PM, Gabriele Bulfon [email protected] wrote: Oh yes, just a typo .....now it works. So now, what if I want to add a specific service management? I tried adding a lightdm file in /etc/security/auth_attr.d solaris.smf.manage.lightdm:::Manage LightDM service states::help=ManageLightDM.html solaris.smf.modify.lightdm:::Modify LightDM service states::help=ModifyLightDM.html then give these two specific permission in /etc/user_attr.d/lightdm, refreshed rbac, su - lightdm, auths shows correct auths, but svcadm gives no premission to disable lightdm..... You need to explicitly allow the specific authorizations in the service's SMF manifest. value='solaris.smf.manage.lightdm'/ value='solaris.smf.modify.lightdm'/ (That goes at the same level as the exec_method.) ---------------------------------------------------------------------------------- Da: Alexander Pyhalov [email protected] A: [email protected] Cc: Gabriele Bulfon [email protected] Data: 8 aprile 2014 13.19.19 CEST Oggetto: Re: [discuss] user_attr.d On 04/08/2014 15:13, Gabriele Bulfon wrote: Actually also just having that line in user_attr doesn't let it disable/enable through svcadm. But it lets shutdown through dbus send at Hal Shutdown. Maybe solaris.smf.modify,solaris.smf.manage are not the correct strings? I've checked, it worked for me. $ /usr/bin/auths solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read,solaris.smf.manage,solaris.smf.modify $ pfexec /usr/sbin/svcadm restart apache24 ... -- Best regards, Alexander Pyhalov, system administrator of Computer Center of Southern Federal University illumos-discuss | Archives | Modify Your Subscription -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/ illumos-discuss | Archives | Modify Your Subscription
------------------------------------------- illumos-discuss Archives: https://www.listbox.com/member/archive/182180/=now RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be Modify Your Subscription: https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4 Powered by Listbox: http://www.listbox.com
