I'd suggest a role with the "Maintenance and Repair" profile. This
will allow the authorized user(s) to assume that role and run /sbin/init.
This can be set per zone, from within the zone.
Something such as:
# roleadd -u <roleid> -g <group> -P "Maintenance and Repair" userinit
# usermod -u <userid> -P userinit
Peter Wilk wrote On 08/25/06 10:36,:
All,
IHAC that created zones and wants the users to be able to reboot the
zones.they put the following in their password file:
bounce:x:0:1:Bounce Account:/:/usr/sbin/reboot
this way a user can 'su bounce ' and reboot the zone..The zone hangs
while coming down and customer wants to know why..
I checked with my escalation engineers and they mentioned that
'zoneadm -z ' was the correct proocedure to take down a zone..
Customer is stating there is no documentation that states that zoneadm
is the only procedure to take down a zone and that reboot is not
acceptable.
So I am looking for docmentation that confirms the correct procedures to
take down a zone and where reboot is not correct.
It maybe that reboot is acceptable as root but not supported using the
pasword file, but customer needs to see it in writing
Thanks
Peter
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
