John Fischer wrote: > ========== > > On OpenSolaris, the public interface to start and stop > ejabberd will be SMF and the service will be named: > > svc:/network/xmpp:ejabberd > > Note that user will still need ejabberdctl(1M) for other > administration tasks(ie., user management). > > ejabberd listens on three TCP ports by default: > > 5222 - standard port for jabber-client protocol > 5269 - standard port for jabber-server protocol for > server to server connections > 5280 - port for ejabberd web-based admin
I assume you don't actually mean "in a default install" but "When ejabberd is explicitly enabled". I'm assuming (hopefully) that ejabberd service is delivered disabled. What SMF method credential use ejabberd run with ? I'm assuming it is running as the daemon (or noaccess) user with no additional privileges. Given it is running on ports > 1024 it shouldn't need any privileges. [Strong HINT: I will derail this case if the answer is that it is running as root with all privileges] Which uid/gid owns the default log file location ? Which RBAC profile is the /usr/sbin/ejabberdctl in ? What new authorisations are added (and to which RBAC profile) for the SMF level administration ? -- Darren J Moffat
