Liane Praza wrote: > Riny Qian writes: >> >> <method_credential user='root' group='root' /> >>Is it really needed? Since the service is started by svc.startd(1M), >>the method_context will be set to such (e.g. user='root') by default.
> Explicitly stating your service's requirements in the manifest is > always a good way to go, so I belive this is good practice. It isn't > practice I'd explicitly enforce, though. (Do note that the ARCs > require that services are configured to run with the least possible > privileges. But, if root/root is the least possible privilege for a > service, I personally woudln't insist on the declaration.) method_context and method_credential continue to be objects of dread for me. The way up top is fine, but if you set privilege but leave out setting user, your manifest won't validate, even if your user is the implicit "root". Just user, mind you; omit group and you're still OK. Setting these properties via svccfg is even hairier, you need to set some property to be ":default", "default" is wrong. CT
