Sudo to RBAC and init.d to SMF

How do I add a photo to my comment or blog entry?

Hello Guest

• Login
• Register…
• Start blog

• Who, Where, When
• What can I do?
• What to Read?

• Polls
• Avatars
• Interests

• Cities and Countries
• Random blog
• Users search

• Search
• Games
• Tests
• RYXI

• Сообщества
• Talxy Chat
• Horoscope
• Online

Зарегистрируйся!

RYXI > Solaris > Sudo to RBAC and init.d to SMF 16 April 2008 23:32:47

Recent blog posts:

auuuuu
ljudi gde vy?

~~~~~~~~~~~kOrOcHe…
~~~~~~~~~~~kOrOcHe TaK~~~~~~~~~~ pRaViLa!!! 1) nI kAkIx PiSeM sHjAsT'Ja!!! 2) nA mnU nE gnAt' eSlE…

Sad
Heeeergh!!!!!!!!!!!!!No who to me unjoin!!!!!!!!!!:'(

Winx
Who love Winx, go here!

Witch
Who love Witch, go here!

merhaba
merhabalar,

canon pixma ip1500 service
canon ip1500 service manual search...

Pencil and pastel portraits by…
Pencil and pastel portraits by this portrait artist from picturedraw…

Cisco CallManager Express 5.0…
HI, We are trying to find a way to dump CDR records (call related only )from Cisco CallManager Express…

The Environement man !
I'm seeking fellow Lebanese who share the same interest to protect our environment..

They have birthday today:

techno

все >>

Forums:

topic feeds

• RYXI all topics, blogs and comments

• General hardware

• General software

• Games

• Homebuilt

• Overclocking

• Drivers

• Hard Drives, IDE, SCSI, RAID

• Motherboards

• Chips

• Videocards

• Scanners

• Printers

• Laptops

• CD, DVD, burning, authoring

• Audio

• digital and webcams, digital-tv

• Telecom, VPN, VoIP, DSL, Lans

• Security

• MS Windows

• Linux

• FreeBSD

• Solaris

• OS/2

• Buy / Sell

• Open discussion

• Anonymous

Discuss:

san surfer
Hi Can anyone help me get qlogic san surfer i know it is a free tool but its not on their website. I…

OpenSolaris Custom Install
is there any way to do a custom install of this release? talking about the 05/08 just released.. I'm…

Re: Is Solaris Dead?
On Sat, 03 May 2008 21:02:26 +0000, Canuck57 wrote: That's because they are both as good as dead…

adding packages after…
I have a sun box running Solaris 9. I had been instructed to remove SSH from this server, however we…

Solaris Zones - memory…
This link states that it is not possible to constrain memory usage in zones. Is this still the case…

Recent forum topics:

Pictures and Printing
Sir: I scanned into my computer a 3 by 5 picture using Tame/2 at a resolution of 1200 dpi. My…

cannot scan after install…
haiiii.... why i cannot scan after install software canonscan n640p.... all cabel sacnner i…

usb bluetooth driver
HELLO, I need USB BLUETOOTH DRIVER of ISSCBTA. I lost the DRIVER CD, and my PC didn't know my cell phone…

WDM Drivers for DVR AJ214 on…
Hello, I need WDM drivers for a TW6800 based video card (4 inputs). Anyone knows other cards built on…

Recent forum comments:

RE: usb bluetooth driver
thats good

RE: ICUVGA-GW710 Driver ?
Hi guys, you can download the display card drivers for FCC ID: ICUVGA-GW807C from the follwoing site for…

RE: LEXMARK SERVICE MANUALS
Hi All www.feedroller.com has loads of free manuals

RE: ICUVGA-GW710 Driver ?
Hi!, I've a video Card and his reference is FCC ID : ICUVGA-GW807C. I lost the driver. I am using…

RE: san surfer
Dean I just downloaded it from Qlogic web site it there! Sun storedge 3510 just us "sccli -h"…

RE: NEC LaVie Drivers
my e mail is bake_heelys@hotmail.com

RE: NEC LaVie Drivers
please help me. i can't hear sound of LaVie LL700/E. because i install new window XP, and i wana to…

RE: [very_newbie] internet problem
Dave wrote: DNS servers I mean!

RE: [very_newbie] internet problem
On May 6, 4:01pm, Dave <f...@coo.com> wrote: yes I have done the all things that u mentioned…

RE: ld: fatal: library -ltli: not…
276vaibhav@gmail.com wrote: I don't see "tli" anywhere in what you've posted…

Moderators:

Administrator
Protorioris


Sudo to RBAC and init.d to SMF
Gary Mills 16 April 2008 23:32:47
	We're upgrading a server from Solaris 9 to Solaris 10. This would be a good opportunity to convert our init.d scripts into SMF services. Creating a manifest and a method is relatively easy. However, there are a group of users who use sudo to stop and start the process as root. How do we give them the ability to run svcadm to enable or disable the service on Solaris 10? Can this be done in the manifest or the method script? We can't modify the executable itself. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
		Add comment


Hume Spamfilter 15 April 2008 05:52:32 [ permanent link ]
	Gary Mills <mills@cc.umanitoba.ca> wrote: root. How do we give them the ability to run svcadm to enable or disable the service on Solaris 10? Can this be done in the manifest or the method script? We can't modify the executable itself. Well, on my box as an example, to start and stop the icecast server, I place in the SMF manifest, right after the last exec_method: <property_group name='general' type='framework'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.icecast'/> <propval name='enabled' type='boolean' value='false'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.icecast'/> </property_group> And then in /etc/user_attr I have: hume::::type=normal;auths=solaris.smf.manage.icecast ... which seems to work okay. -- Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
		Add comment


Gary Mills 15 April 2008 06:06:06 [ permanent link ]
	In <fu11p0$jk3$1@Kil-nws-1.UCIS.Dal.Ca> hume.spamfilter@bofh.ca writes: Gary Mills <mills@cc.umanitoba.ca> wrote: root. How do we give them the ability to run svcadm to enable or disable the service on Solaris 10? Can this be done in the manifest or the method script? We can't modify the executable itself. Well, on my box as an example, to start and stop the icecast server, I place in the SMF manifest, right after the last exec_method: <property_group name='general' type='framework'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.icecast'/> <propval name='enabled' type='boolean' value='false'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.icecast'/> </property_group> And then in /etc/user_attr I have: hume::::type=normal;auths=solaris.smf.manage.icecast That seems to be exactly what I want. I'd like to eliminate sudo in favour of RBAC, as you noticed. Is this portion of the manifest documented someplace? Is there an existing service that I can use as a model? -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
		Add comment


Chris Ridd 15 April 2008 10:06:15 [ permanent link ]
	On 2008-04-15 03:06:06 +0100, Gary Mills <mills@cc.umanitoba.ca> said: In <fu11p0$jk3$1@Kil-nws-1.UCIS.Dal.Ca> hume.spamfilter@bofh.ca writes: Gary Mills <mills@cc.umanitoba.ca> wrote: root. How do we give them the ability to run svcadm to enable or disable the service on Solaris 10? Can this be done in the manifest or the method script? We can't modify the executable itself. Well, on my box as an example, to start and stop the icecast server, I place in the SMF manifest, right after the last exec_method: <property_group name='general' type='framework'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.icecast'/> <propval name='enabled' type='boolean' value='false'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.icecast'/> </property_group> And then in /etc/user_attr I have: hume::::type=normal;auths=solaris.smf.manage.icecast That seems to be exactly what I want. I'd like to eliminate sudo in favour of RBAC, as you noticed. Is this portion of the manifest documented someplace? Is there an existing service that I can use as a model? Does that same manifest still work on a system without RBAC? Cheers, Chris
		Add comment


Thommy M. 15 April 2008 21:07:38 [ permanent link ]
	Chris Ridd wrote: On 2008-04-15 03:06:06 +0100, Gary Mills <mills@cc.umanitoba.ca> said: In <fu11p0$jk3$1@Kil-nws-1.UCIS.Dal.Ca> hume.spamfilter@bofh.ca writes: Gary Mills <mills@cc.umanitoba.ca> wrote: root. How do we give them the ability to run svcadm to enable or disable the service on Solaris 10? Can this be done in the manifest or the method script? We can't modify the executable itself. Well, on my box as an example, to start and stop the icecast server, I place in the SMF manifest, right after the last exec_method: <property_group name='general' type='framework'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.icecast'/> <propval name='enabled' type='boolean' value='false'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.icecast'/> </property_group> And then in /etc/user_attr I have: hume::::type=normal;auths=solaris.smf.manage.icecast That seems to be exactly what I want. I'd like to eliminate sudo in favour of RBAC, as you noticed. Is this portion of the manifest documented someplace? Is there an existing service that I can use as a model? Does that same manifest still work on a system without RBAC? What kind of systems that supports SMF will not support RBAC?
		Add comment


Chris Ridd 15 April 2008 21:27:09 [ permanent link ]
	On 2008-04-15 18:07:38 +0100, "Thommy M." <eclipsed9876543210@hotmail.com> said: Chris Ridd wrote: Does that same manifest still work on a system without RBAC? What kind of systems that supports SMF will not support RBAC? I thought some bits of RBAC only appeared in a Solaris 10 update? Cheers, Chris
		Add comment


Thommy M. 15 April 2008 23:54:18 [ permanent link ]
	Chris Ridd wrote: On 2008-04-15 18:07:38 +0100, "Thommy M." <eclipsed9876543210@hotmail.com> said: Chris Ridd wrote: Does that same manifest still work on a system without RBAC? What kind of systems that supports SMF will not support RBAC? I thought some bits of RBAC only appeared in a Solaris 10 update? I think RBAC was introduced back in the Solaris 8 days... But I was hunting around for a Sun page where the introduction of different features are listed. Anyone who has a link to that one?
		Add comment


Dan McDonald 16 April 2008 00:29:14 [ permanent link ]
	In article <KJ7Nj.6123$R_4.4818@newsb.telia.net>, Thommy M. <eclipsed9876543210@hotmail.com> wrote: Chris Ridd wrote: I thought some bits of RBAC only appeared in a Solaris 10 update? I think RBAC was introduced back in the Solaris 8 days... You are correct. I asked one of our local RBAC wizards, and he says: The RBAC basis as we know it today was fully in S8 and later. <SNIP!> He even reminded me of the first putback into S8: D 1.1 99/05/13 10:22:39 XXX 1 0 00066/00000/00000 MRs: COMMENTS: PSARC 1997/332; make libsecdb, initial databases and help files * CHANGED * 99/05/13 10:23:15 XXX date and time created 99/05/13 10:22:39 by XXX That ARC case isn't opened up for perusal on opensolaris.org, alas. Point is --> If you're on a system with SMF, it already has RBAC. -- Daniel L. McDonald - Solaris Security & Networking Engineering Mail: danmcd@sun.com \| * MY OPINIONS ARE NOT NECESSARILY SUN'S! * 35 Network Drive Burlington, MA \|"rising falling at force ten http://blogs.sun.com/danmcd/ \| we twist the world and ride the wind" - Rush
		Add comment


Chris Ridd 16 April 2008 00:54:18 [ permanent link ]
	On 2008-04-15 21:29:14 +0100, danmcd@Eng.Sun.COM (Dan McDonald) said: In article <KJ7Nj.6123$R_4.4818@newsb.telia.net>, Thommy M. <eclipsed9876543210@hotmail.com> wrote: Chris Ridd wrote: I thought some bits of RBAC only appeared in a Solaris 10 update? I think RBAC was introduced back in the Solaris 8 days... You are correct. I asked one of our local RBAC wizards, and he says: The RBAC basis as we know it today was fully in S8 and later. [...] Point is --> If you're on a system with SMF, it already has RBAC. That's good to know, thanks. I'm obviously thinking of something else; pretty sure that whatever it was was introduced in U4. Cheers, Chris
		Add comment


Thommy M. 16 April 2008 22:29:56 [ permanent link ]
	Dan McDonald wrote: In article <KJ7Nj.6123$R_4.4818@newsb.telia.net>, Thommy M. <eclipsed9876543210@hotmail.com> wrote: Chris Ridd wrote: I thought some bits of RBAC only appeared in a Solaris 10 update? I think RBAC was introduced back in the Solaris 8 days... You are correct. I asked one of our local RBAC wizards, and he says: The RBAC basis as we know it today was fully in S8 and later. Thanks Dan. What about the page listing when different features was introduced? Or was that only something I remember from inside SWAN?
		Add comment


Darren Dunham 16 April 2008 23:32:47 [ permanent link ]
	Thommy M. <eclipsed9876543210@hotmail.com> wrote: Thanks Dan. What about the page listing when different features was introduced? Or was that only something I remember from inside SWAN? I don't think I've ever seen such a page from Sun, although I would assume that gathering the details from the "What's New" pages wouldn't be overly tedious. Casper's FAQ has a few major items, but doesn't approach being comprehensive. http://www.science.uva.nl/pub/solaris/solaris2.html#q1.5 -- Darren Dunham ddunham@taos.com Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. >
		Add comment

RYXI > Solaris > Sudo to RBAC and init.d to SMF 16 April 2008 23:32:47

	see also: True Crypt Question [AVU] Ad-Aware SE1R84 2005/12/28 Pricelessware CD ISO's via FTP		пройди тесты:		see also: canon pixma ip1500 service music transfer Canon Pixma IP1500 how to replace waste…

Copyright © 2001—2008 RYXI
Idea: Miсhael Monashev
Помощь и задать вопросы можно в сообществе support.ryxi.com.
Сообщения об ошибках оставляем в сообществе bugs.ryxi.com.
Предложения и комментарии пишем в сообществе suggest.ryxi.com.
Информация для родителей.
Write us at:

If you would like to report an abuse of our service, such as a spam message, please .




Get comments by e-mail Add to favourites

Пожалуйста, относитесь к собеседникам уважительно, не используйте нецензурные слова, не злоупотребляйте заглавными буквами, не публикуйте рекламу и объявления о купле/продаже, а также материалы нарушающие сетевой этикет или УК РФ.

Sudo to RBAC and init.d to SMF

Add new comment