Ben Rockwood writes: > Has anyone had success using solaris.smf.manage to manage services? When I u > se auths=solaris.smf.* things are fine (too much control), when I use auths=s > olaris.smf.manage, or auths=solaris.smf.manage.* I can't control services. W > hen I add a named service, ie: auths=solaris.smf.manage.telnet, I _should_ be > able to enable/disable/restart the network/telnet service but can't. > > Is this a bug or has someone got it working with fine-grained control?
manage is supposed to work for non-persistent actions. That is, restart should work, enable -t should work, but undecorated enable/disable should not. (smf_security(5) describes the Service Operator rights profile, which offers the functionality you're describing.) I just tried on my laptop with 75, and restart definitely worked with solaris.smf.manage. Next, as to the usage with solaris.smf.manage.telnet. These don't happen automatically. The more specific auth needs to be created by the service. This is now required by the SMF ARC policy, but there are lots of services which don't comply. telnet doesn't comply, but system-log, for example, does. svcadm restart system-log with an auth of solaris.smf.manage.system-log works for me, again on b75. liane
