-------- Original Message -------- Subject: [smf-discuss] Starting a service with a specific privilege From: Matt Cohen <mco...@hrlogix.com> > The service manifest contains the file_dac_read privilege as well: > <method_credential user='nagios' group='nagios' privileges='basic,!file_dac_read' />
'!file_dac_read' removes the privilege, just write 'basic,file_dac_read' instead. -- Renaud To: smf-discuss at opensolaris.org Date: Fri Feb 02 2007 18:56:45 GMT+0100 (CET) > Hi. > > We are running Solaris 10 11/06 release on some of our servers. The servers > have multiple zones each running a JBoss instance. > > In each zone, we are running the Nagios NRPE application to remotely monitor > our servers. > > Nagios is configured to run as an SMF service. It runs as user 'nagios' in > group 'nagios'. > > While trying to perform one of the monitoring checks, it fails to run > properly. The error message is Feb 2 11:21:11 appsrv2 genunix: [ID 702911 > kern.notice] jstat[17878]: missing privilege "file_dac_read" (euid = 5500, > syscall = 5) needed at tmp_taccess+0x8b > > User nagios has the file_dac_read privilege assigned to it in the > /etc/user_attr file. > > The service manifest contains the file_dac_read privilege as well: > <method_credential user='nagios' group='nagios' > privileges='basic,!file_dac_read' /> > > When I do a ppriv -v on the process, the file_dac_read privilege is not > available. How do I make it so the service starts and runs with the > file_dac_read privilege automatically? I thought adding it to the manifest > and user would do the trick, but it doesn't look like that's working. > > Any help would be appreciated. > > Thanks, > Matt > > > This message posted from opensolaris.org > _______________________________________________ > smf-discuss mailing list > smf-discuss at opensolaris.org
