Christine Tran writes: > Tom Whitten wrote: > > Christine Tran writes: > >> method_context and method_credential continue to be objects of dread for > >> me. The way up top is fine, but if you set privilege but leave out > >> setting user, your manifest won't validate, even if your user is the > >> implicit "root". Just user, mind you; omit group and you're still OK. > >> > >> Setting these properties via svccfg is even hairier, you need to set > >> some property to be ":default", "default" is wrong. > >> > > > > > Hi Christine, > > > > Your comment sent me off to look at the DTD, and I found this: > > > > <!ELEMENT method_credential EMPTY> > > > > <!ATTLIST method_credential > > user CDATA #REQUIRED > > group CDATA ":default" > > supp_groups CDATA ":default" > > privileges CDATA ":default" > > limit_privileges CDATA ":default" > > > > > You are correct that the user attribute is required. It appears that all > > other properties should default to ":default" if not specified. Is it your > > feeling that there should be a more intuitive way of specifying the > > credential, or do we need to do a better job of documenting the > > method_credential and method_context manifest elements? > > > > I have a few complaints about method_context. Better docs and more > user-friendly docs is always great, but in their absence it should not > be so hard to figure out what's needed, or what's gone wrong. > > Why must I set user when all I want to do is change privilege? And why > user but not group? When I set other property values I use "value", > "true", but then I get to ":default" and the colon throws me entirely > off. This whole affair of having to set stuff to default is wacked; if > it's the default, it doesn't need to be set.
Those are valid complaints. I think that they are documented in the bugs that Liane mentioned in her mail. > > In smf_method(5), a list of properties are defined under method_context, > but in effect, some should go in the method_credential and some in the > method_context bloc. I put project in method_credential and spent a > good 45 minutes trying to figure out why my service wasn't started in > the right project. Eventually I used svccfg to add a project and then > dumped out the XML to see where it should go. I still haven't figured > it out the proper way yet. I see what you mean. I'll see if there is a doc bug that covers this, and if not I'll file one. > > When I've done something wrong I would like some helpful error messages. > SMF will silently fail while missing other property values, but I > would never know it. The entire experience of trying to figure out what > works and what doesn't is ... what is it like? > > "You are in front of an altar. > There is a bell here." > > CT > > > _______________________________________________ > smf-discuss mailing list > smf-discuss at opensolaris.org
