thanks for the suggestions


Steffen Weiberle wrote On 08/25/06 11:26,:
> I'd suggest a role with the "Maintenance and Repair" profile. This 
> will allow the authorized user(s) to assume that role and run /sbin/init.
> 
> This can be set per zone, from within the zone.
> 
> Something such as:
> 
> # roleadd -u <roleid> -g <group> -P "Maintenance and Repair" userinit
> 
> # usermod -u <userid> -P userinit
> 
> 
> Peter Wilk wrote On 08/25/06 10:36,:
> 
>>All,
>>
>>IHAC that created zones and wants the users to be able to reboot the
>>zones.they put the following in their password file:
>>
>>bounce:x:0:1:Bounce Account:/:/usr/sbin/reboot
>>
>>this way a user can 'su bounce ' and reboot the zone..The zone hangs
>>while coming down and customer wants to know why..
>>
>>I checked with my escalation engineers and they mentioned that
>>'zoneadm -z ' was the correct proocedure to take down a zone..
>>
>>Customer is stating there is no documentation that states that zoneadm
>>is the only procedure to take down a zone and that reboot is not
>>acceptable.
>>
>>So I am looking for docmentation that confirms the correct procedures to
>>take down a zone and where reboot is not correct.
>>
>>It maybe that reboot is acceptable as root but not supported using the
>>pasword file, but customer needs to see it in writing
>>
>>Thanks
>>
>>Peter

-- 
=============================================================================
         ______
        /_____/\
       /_____\\ \            Peter Wilk -  OS/Security Support
      /_____\ \\ /           Sun Microsystems
     /_____/ \/ / /          1 Network Drive,  P.O Box 4004
    /_____/ /   \//\         Burlington, Massachusetts 01803-0904
    \_____\//\   / /         1-800-USA-4SUN, opt 1, opt 1,<case number>#
     \_____/ / /\ /          Email: [EMAIL PROTECTED]
      \_____/ \\ \           =====================================
       \_____\ \\
        \_____\/

=============================================================================



_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to