I'm sponsoring this fast track for Menno Lageman.

This project proposes to convert the current mechanism for configuring
the extended accounting facility in Solaris to use SMF and to fix some
long-standing problems with extended accounting.

It requests a Patch release binding in case there's a need to backport.
The interface stabilities are noted in the proposal.

With the conversion to SMF, both the Project Private /etc/acctadm.conf
file and the acctadm -u option to read in that file are removed.
Upon upgrade, the contents of /etc/acctadm.conf are used to configure
the new SMF services.

A full diff-marked acctadm(1M) man page is in the case directory.
A prototype contract based on the existing approved contracts for
the use of the SMF project private upgrade file is in the case directory.

The timer is set for 14 Feb, 2008.

Gary..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Problem
=======

Extended accounting is configured at boot time by the script
/etc/init.d/acctadm which reads configuration parameters from
/etc/acctadm.conf.  The configuration is administered using
the acctadm(1M) command.

There are a number of problems with the current mechanism:
- extended accounting cannot be enabled persistently since
  Solaris does not deliver a script linked to /etc/init.d/acctadm
  (CR 6400978 - acctadm -u not run during boot).  If a user enables
  extended accounting using acctadm(1M), this setting will not be
  preserved across reboots.
  To have the configuration restored at the next boot, the user
  has to also manually create a link from /etc/rc?.d/S??acctadm
  to /etc/init.d/acctadm, which is both redundant and counter-intuitive.
- the existing contents of an extended accounting file are lost when 
  extended accounting is started because the current implementation
  truncates the file when opening it (CR 4520887 acctadm settings should
  be persistent by default across reboots).  This makes it
  hard to enable extended accounting at boot without resorting to
  workarounds like renaming an existing file out of the way before
  /etc/init.d/acctadm is run.

Proposal
========

The problem with persistently enabling extended accounting will
be resolved by converting acctadm to use smf(5). The conversion
to SMF will introduce a new transient SMF service with three
instances.  Each extended accounting type will be represented
by a separate instance:

        svc:/system/acctadm:flow        Flow accounting
        svc:/system/acctadm:process     Process accounting
        svc:/system/acctadm:task        Task accounting

Enabling extended accounting using acctadm(1M) will result in the
corresponding service instance being enabled (if not yet enabled) so
that the configuration will be restored at the next boot.  Likewise,
if the effective configuration results in accounting being disabled,
the service instance will be disabled.

A new option (-s) will be added to acctadm(1M) to serve as the smf(5)
start method.  The existing -u option to configure extended accounting
from the contents of /etc/acctadm.conf will be removed as it is no
longer of use.

The configuration parameters in /etc/acctadm.conf will be replaced by
SMF properties.  Since changes to the configuration may involve changes
to more than one property, the current administrative utility acctadm(1M)
will remain the tool to administer the configuration.  The properties
and their contents are therefore classified as Project Private and
are listed here for reference only: 

        config/enabled          boolean kernel accounting state
        config/file             astring name of the accounting file
        config/tracked          astring list of tracked resources
        config/untracked        astring list of untracked resources

The instances will be delivered in the disabled state at install time.
This case will introduce new RBAC rights profiles and RBAC authorizations
to allow non-root users to manage extended accounting on a per accounting
type basis.

Existing contents of /etc/acctadm.conf will be migrated on upgrade by
adding conversion code to /var/svc/profile/upgrade in the postinstall
script and bfu.  If the existing contents of /etc/acctadm.conf are such
that extended accounting would be enabled, the instance is enabled.
/etc/acctadm.conf will be removed after conversion.
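
The migration step described above, as an added example (not part of the
original proposal and not the Solaris postinstall code): it turns the old
settings for one accounting type into the svccfg/svcadm commands an upgrade
script would run. The ACCTADM_* key names, the "none" placeholder, the
conf_get/emit_upgrade helpers and the sample values are assumptions, since
the page does not show the file format.

```shell
#!/bin/sh
# Added example. The ACCTADM_* key names are assumed; the page does not show
# the (Project Private) file format.

# Print the value of the last KEY=value line. The file is parsed as data and
# never sourced, so nothing in it is executed.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# emit_upgrade CONF TYPE PREFIX, e.g. emit_upgrade /etc/acctadm.conf task TASK
# Prints the commands that carry one accounting type over to its SMF instance.
emit_upgrade() {
    conf=$1 type=$2 pfx=$3
    fmri="svc:/system/acctadm:$type"
    enable=$(conf_get "$conf" "ACCTADM_${pfx}_ENABLE")
    file=$(conf_get "$conf" "ACCTADM_${pfx}_FILE")
    tracked=$(conf_get "$conf" "ACCTADM_${pfx}_TRACKED")
    untracked=$(conf_get "$conf" "ACCTADM_${pfx}_UNTRACKED")

    # The output is later run as root: allow only a conservative character
    # set so a crafted value cannot add shell syntax to the generated lines.
    for v in "$file" "$tracked" "$untracked"; do
        case $v in
            *[!A-Za-z0-9_./,-]*) echo "unsafe value for $type" >&2; return 1 ;;
        esac
    done
    case $file in
        ''|none) file=none ;;                    # assumed "no file" marker
        /*) ;;                                   # absolute path: accepted
        *) echo "relative path for $type" >&2; return 1 ;;
    esac
    if [ "$enable" = yes ]; then state=true; else state=false; fi

    echo "svccfg -s $fmri setprop config/enabled = boolean: $state"
    echo "svccfg -s $fmri setprop config/file = astring: $file"
    echo "svccfg -s $fmri setprop config/tracked = astring: ${tracked:-none}"
    echo "svccfg -s $fmri setprop config/untracked = astring: ${untracked:-none}"
    echo "svcadm refresh $fmri"
    # Enable the instance only if the old file had accounting switched on.
    if [ "$state" = true ]; then echo "svcadm enable $fmri"; fi
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
printf '%s\n' 'ACCTADM_PROC_ENABLE=yes' 'ACCTADM_PROC_FILE=/var/adm/exacct/proc' \
    'ACCTADM_PROC_TRACKED=extended' 'ACCTADM_PROC_UNTRACKED=none' > "$sample"
emit_upgrade "$sample" process PROC
rm -f "$sample"
```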

As described in CR 4520887, the existing contents of an accounting
file will be preserved when opening the file by no longer truncating
the file in vn_open().  acctadm will verify that the contents of a
file (if any) are of the requested type before opening the file.

3. Interfaces

3.1. Imported interfaces

/var/svc/profile/upgrade                Contracted Project Private

3.2. Exported interfaces

acctadm -s                              Committed

FMRIs
svc:/system/acctadm:flow                Committed
svc:/system/acctadm:process             Committed
svc:/system/acctadm:task                Committed

Authorizations
solaris.smf.manage.acctadm.flow         Committed
solaris.smf.value.acctadm.flow          Committed
solaris.smf.manage.acctadm.process      Committed
solaris.smf.value.acctadm.process       Committed
solaris.smf.manage.acctadm.task         Committed
solaris.smf.value.acctadm.task          Committed

Rights Profiles
Extended Accounting Management (Flow)           Committed
Extended Accounting Management (Process)        Committed
Extended Accounting Management (Task)           Committed
acctadm                                         Project Private

3.3. Removed interfaces

acctadm -u
/etc/init.d/acctadm
/etc/acctadm.conf

3.4. Implementation Detail

For maintainability and convenience a subprofile of the committed
profiles is used to grant the /usr/sbin/acctadm command to the
owners of the Extended Accounting Management * profiles:

acctadm:::Do not assign to users.  Commands required for \
            Extended Account Management profiles.:help= .....
acctadm:solaris:cmd:::/usr/sbin/acctadm:euid=0;privs=sys_acct

There is a precedent for lower case Rights Profiles to be private
and used internally to the system.  See the CDE profiles from Trusted
Extensions.

euid=0 is required to open the root owned accounting file.
sys_acct is required to use acct(2) to manage accounting.

4. References
acctadm(1m) diffs:

OPTIONS
     The following options are supported:

+    -s                   Start method for the  smf(5)  instance.
+                         This option is  used  to  restore  the
+                         extended accounting  configuration  at
+                         boot.
 
-    -u                   Configure accounting based on the  con-
-                         tents of /etc/acctadm.conf.
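
Review bot: the new -s text does not say which of the three instances the
start method acts on or how it learns that, nor that the option is meant to
be invoked by smf(5) rather than typed by an administrator. Since -u is
removed in the same hunk and -s is listed as a Committed interface, add a
sentence on how the accounting type is selected and whether running
acctadm -s by hand is supported.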

EXIT STATUS
     The following exit values are returned:

     2     Invalid command line options were specified.

+    95    A fatal, non-configuration error occurred during start
+          of the smf(5) service instance.
 
+    96    A fatal configuration error occurred during start of the
+          smf(5) service instance.
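
Review bot: exit values 95 and 96 split start failures into
"non-configuration" and "configuration" errors without saying which cases
fall where. The proposal has acctadm verify that an existing accounting file
is of the requested type before opening it; state here which value a type
mismatch or an unopenable file produces, so that an administrator reading
the service log can tell a bad property from a damaged file.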

-FILES
-    /etc/acctadm.conf

NOTES
 
+    Extended accounting configuration is stored in  the  service
+    management facility, smf(5), repository.  The  configuration
+    is restored at boot by a transient service instance, one per
+    accounting type:
+
+         svc:/system/acctadm:flow        Flow accounting
+         svc:/system/acctadm:process     Process accounting
+         svc:/system/acctadm:task        Task accounting
+
+    The instances are enabled or disabled by acctadm as  needed.
+    Configuration changes are made using  acctadm(1M),  service
+    properties should not be modified directly using svccfg(1M).
+
+    Users can manage extended accounting  (start accounting, stop
+    accounting, change accounting  configuration  parameters)  if
+    they have the appropriate RBAC Rights profile for the accounting
+    type to be managed:
+
+         Extended Accounting Management (Flow)   
+         Extended Accounting Management (Process)
+         Extended Accounting Management (Task) 
+     
+    for flow accounting, process accounting and task accounting
+    respectively.
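
Review bot: the NOTES text names the three rights profiles but none of the
six solaris.smf.manage.acctadm.* and solaris.smf.value.acctadm.*
authorizations that section 3.2 lists as Committed. List them next to the
profiles, and reconcile them with the sentence "service properties should
not be modified directly using svccfg(1M)", which as written is a request
rather than something the text says is enforced. That sentence is also a
comma splice; start a new sentence at "service properties".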


PSARC 1999/119 Tasks, Projects, and Extended Accounting
PSARC 2001/424 Enhancements to acctadm(1M)
5082833 RFE: exacct and acctadm should be converted to smf(5)
        http://bugs.opensolaris.org/view_bug.do?bug_id=5082833
6400978 acctadm -u not run during boot 
        http://bugs.opensolaris.org/view_bug.do?bug_id=6400978
4520887 acctadm settings should be persistent by default across reboots
        http://bugs.opensolaris.org/view_bug.do?bug_id=4520887
