Trey Bean wrote: > Hi everyone, > > I am pretty new at solaris, and am trying to set up some SMF manifests on our > new server. I have gotten 2 out of 3 to work. The third one has been giving > us grief all week. We've tried creating it every which way and still keep > receiving "Method failed." errors. The odd thing, we are using the exact > same process for all three manifests, the only difference is they are running > as different users. > > What it boils down to is we have created three users. Each user is going to > be running a mongrel process for a Rails application. The first two user's > setups work great. But the third, which shouldn't be any different fails. > Here is the manifest we are using: >
> > This is exactly the same as the other manifests, except app3 and user3 are > replaced with the corresponding values for that user and application. > > Other things to note: > > 1. We can log on as user3 and run the command just fine as that user from > that directory. > 2. If we change the method_credential to root:root or user1:user1, the > manifest loads correctly. Of course, the app doesn't if its user1, because > they don't have permissions, but the manifest and mongrel process work. > > This leads us to wonder if it isn't something wrong with this user. I just > finished recreating it with a different groupID, but it is still failing. > > My only guess at this point is that user3 got on some SMF_banned list, or > user3's username is invalid somehow - it starts with two numerals, where the > other two users don't. > > Any insight into this issue will be MUCH appreciated. > > Thanks, > Trey Hi, The only thing I can think of is that the RBAC attributes granted to user1 and user3 are different. When I set my method_credential 'user', I end up setting my 'privileges' as well. You can do 'auths user1' and 'auths user3' and compare. When you start up the service as user1, do a ppriv -S <pid of a process started by that service>, I'm going to assume that the privileges listed is a set of privileges required for the application to run (though not the minimum set). Then assign the privileges inside the method_credential block explicitly. Read this for the general idea: http://www.sun.com/blueprints/0605819-2887.pdf Then come back here for specific help if you need syntax or others. If this is not the problem (auths are the same for user1 and user3), then I have no idea. C
