[smf-discuss] modify_authorization

Tom Whitten Thu, 8 Feb 2007 13:43:00 -0700

Derek Crudgington writes:
> I've got a SMF I'm trying to let user "tomcat" modify the properties of the 
> SMF, and I keep getting permission denied.  According to every piece of 
> documentation I find on this, I am doing it correctly:
> 
> As tomcat user:
> 
> # auths
> 
> solaris.smf.modify.tomcat,solaris.device.cdrw,solaris.profmgr.read,solaris.jobs.user,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.usermgr.read,solaris.admin.logsvc.read,solaris.admin.fsmgr.read,solaris.admin.serialmgr.read,solaris.admin.diskmgr.read,solaris.admin.procmgr.user,solaris.compsys.read,solaris.admin.printer.read,solaris.admin.prodreg.read,solaris.admin.dcmgr.read,solaris.snmp.read,solaris.project.read,solaris.admin.patchmgr.read,solaris.network.hosts.read,solaris.admin.volmgr.read
> # grep 'solaris.smf.modify.tomcat' /etc/security/auth_attr
> solaris.smf.modify.tomcat:::Modify Tomcat SMF::
> 
> # svccfg -s tomcat:dig
> svc:/application/tomcat:dig> listprop
> fs-local                      dependency
> fs-local/entities             fmri     svc:/system/filesystem/local
> fs-local/grouping             astring  require_all
> fs-local/restart_on           astring  none
> fs-local/type                 astring  service
> start                         method
> start/exec                    astring  /export/home/tomcat/bin/startup.sh
> start/group                   astring  tomcat
> start/limit_privileges        astring  :default
> start/privileges              astring  :default
> start/project                 astring  :default
> start/resource_pool           astring  :default
> start/supp_groups             astring  :default
> start/timeout_seconds         count    60
> start/type                    astring  method
> start/use_profile             boolean  false
> start/user                    astring  tomcat
> start/working_directory       astring  :default
> stop                          method
> stop/exec                     astring  /export/home/tomcat/bin/shutdown.sh
> stop/timeout_seconds          count    60
> stop/type                     astring  method
> general                       framework
> general/action_authorization  astring  solaris.smf.modify.tomcat
> general/enabled               boolean  false
> general/modify_authorization  astring  solaris.smf.modify.tomcat
> general/value_authorization   astring  solaris.smf.modify.tomcat
> restarter                     framework NONPERSISTENT
> restarter/auxiliary_state     astring  none
> restarter/next_state          astring  none
> restarter/state               astring  disabled
> restarter/state_timestamp     time     1170961232.506694000
> restarter_actions             framework NONPERSISTENT
> restarter_actions/refresh     integer
> svc:/application/tomcat:dig>
> 
> svc:/application/tomcat:dig> setprop start/user = astring: nobody
> Permission denied.
> 
> Any help would be much appreciated.
>  
>  
> This message posted from opensolaris.org
> _______________________________________________
> smf-discuss mailing list
> smf-discuss at opensolaris.org


Try creating value_authorization and modify_authorization properties in the
start property group.  Then tomcat should be able to modify the properties
in the start property group.

tom

[smf-discuss] modify_authorization

Reply via email to