Tom Whitten wrote: > Christine Tran writes: >> method_context and method_credential continue to be objects of dread for >> me. The way up top is fine, but if you set privilege but leave out >> setting user, your manifest won't validate, even if your user is the >> implicit "root". Just user, mind you; omit group and you're still OK. >> >> Setting these properties via svccfg is even hairier, you need to set >> some property to be ":default", "default" is wrong. >>
> > Hi Christine, > > Your comment sent me off to look at the DTD, and I found this: > > <!ELEMENT method_credential EMPTY> > > <!ATTLIST method_credential > user CDATA #REQUIRED > group CDATA ":default" > supp_groups CDATA ":default" > privileges CDATA ":default" > limit_privileges CDATA ":default" > > > You are correct that the user attribute is required. It appears that all > other properties should default to ":default" if not specified. Is it your > feeling that there should be a more intuitive way of specifying the > credential, or do we need to do a better job of documenting the > method_credential and method_context manifest elements? > I have a few complaints about method_context. Better docs and more user-friendly docs is always great, but in their absence it should not be so hard to figure out what's needed, or what's gone wrong. Why must I set user when all I want to do is change privilege? And why user but not group? When I set other property values I use "value", "true", but then I get to ":default" and the colon throws me entirely off. This whole affair of having to set stuff to default is wacked; if it's the default, it doesn't need to be set. In smf_method(5), a list of properties are defined under method_context, but in effect, some should go in the method_credential and some in the method_context bloc. I put project in method_credential and spent a good 45 minutes trying to figure out why my service wasn't started in the right project. Eventually I used svccfg to add a project and then dumped out the XML to see where it should go. I still haven't figured it out the proper way yet. When I've done something wrong I would like some helpful error messages. SMF will silently fail while missing other property values, but I would never know it. The entire experience of trying to figure out what works and what doesn't is ... what is it like? "You are in front of an altar. There is a bell here." CT
