Tavitayya Varanasi wrote: > Hi Darren, > > Please look below for embedded answers. > > Darren J Moffat wrote: >> Why does this need a top level directory in /usr/ ? The only time we >> should need those is when there is a hard requirement to be able to >> support multiple incompatible versions installed at the same time. >> > I followed the directory structure of the ganglia package in pending > repository. There is no hard requirement of the directory. Directory > structure can be modified as per your suggestion. >> SHould not be delivering an /etc/init.d/ file instead an SMF service >> should be delivered. The case needs to specify the FMRI and the >> method credentail at the very least (ie what user and privileges will >> this run with). >> > Will provide SMF service for the gmetad and gmond processes. These > processes are as user nobody with superuser privileges.
The nobody account is special for NFS and must only be used by NFS. No process should ever be run as the nobody account. There is not such thing as superuser privileges you must specify the exact minimal list of privileges the program needs to run. That could be the basic set or possibly less or in some cases where it needs to modify root owned objects or do other system wide things it could be all. Given this is a monitoring program I'd be surprised if it needed any privileges. See the following page for information on how to determine what the minimal set of privileges is: http://hub.opensolaris.org/bin/view/Community+Group+security/privdebug -- Darren J Moffat
