I'd suggest a role with the "Maintenance and Repair" profile. This will allow the authorized user(s) to assume that role and run /sbin/init.

This can be set per zone, from within the zone.

Something such as:

# roleadd -u <roleid> -g <group> -P "Maintenance and Repair" userinit

# usermod -u <userid> -P userinit

Peter Wilk wrote On 08/25/06 10:36,:

IHAC that created zones and wants the users to be able to reboot the
zones.they put the following in their password file:

bounce:x:0:1:Bounce Account:/:/usr/sbin/reboot

this way a user can 'su bounce ' and reboot the zone..The zone hangs
while coming down and customer wants to know why..

I checked with my escalation engineers and they mentioned that
'zoneadm -z ' was the correct proocedure to take down a zone..

Customer is stating there is no documentation that states that zoneadm
is the only procedure to take down a zone and that reboot is not

So I am looking for docmentation that confirms the correct procedures to
take down a zone and where reboot is not correct.

It maybe that reboot is acceptable as root but not supported using the
pasword file, but customer needs to see it in writing


zones-discuss mailing list

Reply via email to