Shouldn't action_authorization be sufficient enough to allow user to enble/disable, refresh/restat and mark/clear the service? If you want to manage the service's configuration/properties then you need the other mentioned authorizations. No?
Steve Estelle Agregado wrote: > Duh! Thanks a lot! After Googling for a few hours I think I just could > not think/see straight... > > So now, when our installers install our apps as root, and we ask the > user which user he wants those apps (services) to run as, what is the > best practice to set this up for the user? > Can I just do what I did and edit the /etc/user_attr directly? > (assuming I parse the file correctly and check if there is already an > entry for the userid or not, etc..) > > Thanks > Estelle > > > lianep at eng.sun.com wrote: > >> Gary Winiger writes: >> >> >>> You greped user_attr(4). It showed auths not profs and a syntax >>> error. >>> user:qualifier:res1:res2:attr is the correct syntax >>> maybe try echiquet::::auths=solaris.smf.manage.spsms >>> >> >> Gary's correct about the problem. If you change your line (with 3 >> ":::"s, rather than 4) to the above, it'll work. >> >> Just so folks know, Glenn Brunette did write a step-by-step example >> in the form of a blueprint. >> >> http://www.sun.com/blueprints/0605/819-2887.pdf >> >> (It's also linked off the main SMF community page if you need to find >> it again.) >> >> He uses roles rather than directly assigning auths to your user id, I >> think. (Which I admit to finding a little confusing, so tend to >> directly grant the auths to myself like you're trying to do. I'm >> probably not the best person to give examples on how to correctly use >> RBAC, but it usually works OK for me. :) ) >> >> liane >> >> > > _______________________________________________ > smf-discuss mailing list > smf-discuss at opensolaris.org
