msglog: Permission denied" when using smf_console

Michael Schmarck Wed, 01 Oct 2008 14:20:21 +0200

Hello.

On a Solaris 10 U5 box, I wrote an SMF method script,
which logs messages using smf_console. In /lib/svc/share/smf_include.sh,
there is:


# smf_console
#
#   Use as "echo message 2>&1 | smf_console".  If SMF_MSGLOG_REDIRECT is
#   unset, message will be displayed to console.  SMF_MSGLOG_REDIRECT is
#   reserved for future use.
#
smf_console () {
        /usr/bin/tee ${SMF_MSGLOG_REDIRECT:-/dev/msglog}
}

Because of that, I have in my method file:

echo "Error! Unknown action!" 2>&1 | smf_console

Thanks to RBAC and properties in the manifest, I can
start/stop/control the service as an ordinary user. In
the manifest, there's:

            <property_group name='start' type='method'>
                <propval name='action_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
                <propval name='modify_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
                <propval name='value_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
            </property_group>
            <property_group name='stop' type='method'>
                <propval name='action_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
                <propval name='modify_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
                <propval name='value_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
            </property_group>
            <property_group name='general' type='framework'>
                <propval name='action_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
                <propval name='value_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
                <propval name='modify_authorization' type='astring'
                  value='solaris.smf.manage.teamcenter.search_engine/beta' />
            </property_group>

But when I start/stop/use the service has an 
ordinary user, I get error messages in the log
file (ie. /var/svc/log/application-teamcenter-search-engine:beta.log):

tee: /dev/msglog: Permission denied

--($ ~)-- ls -la /dev/msglog /dev/../devices/pseudo/sysmsg at 0:msglog
crw-------    1 root     sys       97,   1 Sep 26 07:51 
/dev/../devices/pseudo/sysmsg at 0:msglog
lrwxrwxrwx    1 root     other          33 Sep 17 15:28 /dev/msglog -> 
../devices/pseudo/sysmsg at 0:msglog

As I'm not root, I of course cannot write to /dev/msglog.

What's the proper remedy to this problem on Solaris 10?
Chmod 0666 /dev/../devices/pseudo/sysmsg at 0:msglog?

Thanks,
Michael
-- 
-- 


Psssst! Schon vom neuen GMX MultiMessenger geh?rt? Der kann`s mit allen: 
http://www.gmx.net/de/go/multimessenger

[smf-discuss] "tee: /dev/msglog: Permission denied" when using smf_console

Reply via email to