[smf-discuss] modify_authorization

Thu, 08 Feb 2007 12:28:31 PST 

I've got a SMF I'm trying to let user "tomcat" modify the properties of the 
SMF, and I keep getting permission denied.  According to every piece of 
documentation I find on this, I am doing it correctly:

As tomcat user:

# auths

solaris.smf.modify.tomcat,solaris.device.cdrw,solaris.profmgr.read,solaris.jobs.user,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.usermgr.read,solaris.admin.logsvc.read,solaris.admin.fsmgr.read,solaris.admin.serialmgr.read,solaris.admin.diskmgr.read,solaris.admin.procmgr.user,solaris.compsys.read,solaris.admin.printer.read,solaris.admin.prodreg.read,solaris.admin.dcmgr.read,solaris.snmp.read,solaris.project.read,solaris.admin.patchmgr.read,solaris.network.hosts.read,solaris.admin.volmgr.read
# grep 'solaris.smf.modify.tomcat' /etc/security/auth_attr
solaris.smf.modify.tomcat:::Modify Tomcat SMF::

# svccfg -s tomcat:dig
svc:/application/tomcat:dig> listprop
fs-local                      dependency
fs-local/entities             fmri     svc:/system/filesystem/local
fs-local/grouping             astring  require_all
fs-local/restart_on           astring  none
fs-local/type                 astring  service
start                         method
start/exec                    astring  /export/home/tomcat/bin/startup.sh
start/group                   astring  tomcat
start/limit_privileges        astring  :default
start/privileges              astring  :default
start/project                 astring  :default
start/resource_pool           astring  :default
start/supp_groups             astring  :default
start/timeout_seconds         count    60
start/type                    astring  method
start/use_profile             boolean  false
start/user                    astring  tomcat
start/working_directory       astring  :default
stop                          method
stop/exec                     astring  /export/home/tomcat/bin/shutdown.sh
stop/timeout_seconds          count    60
stop/type                     astring  method
general                       framework
general/action_authorization  astring  solaris.smf.modify.tomcat
general/enabled               boolean  false
general/modify_authorization  astring  solaris.smf.modify.tomcat
general/value_authorization   astring  solaris.smf.modify.tomcat
restarter                     framework NONPERSISTENT
restarter/auxiliary_state     astring  none
restarter/next_state          astring  none
restarter/state               astring  disabled
restarter/state_timestamp     time     1170961232.506694000
restarter_actions             framework NONPERSISTENT
restarter_actions/refresh     integer
svc:/application/tomcat:dig>

svc:/application/tomcat:dig> setprop start/user = astring: nobody
Permission denied.

Any help would be much appreciated.
 
 
This message posted from opensolaris.org

Reply via email to