|
|||||||
| Forums | Search Forums | Register | Forum Rules | Man Pages | Albums | FAQ | Members | Calendar | Search | Today's Posts | Mark Forums Read |
| Solaris The Solaris Operating System, usually known simply as Solaris, is a Unix-based operating system introduced by Sun Microsystems. The Solaris OS is now owned by Oracle. |
|
|
|
Thread Tools | Search this Thread | Display Modes |
|
#1
01-08-2013
|
|||
|
|||
|
Solaris11: Permission issues with auto-scrub ZFS pool
Short version: Code:
pfexec zpool scrub rpool fails saying I do not have permission to perform that action. Apparently scrub is not one of the pfexec allowed actions. Any idea on how to get around it? Long version: I got tired of manually running scrubs and am trying to set it to happen automatically. Seems simple enough to set up a cron job for it (once google informed me of the existance of cron :P). Wanting to test it out and isolate issues and such, and based on my experience I figured the best way to do so is to use a script. Simply create a new file /usr/scripts/scrub.sh which contains: Code:
pfexec zpool scrub rpool pfexec zpool scrub tank But that doesn't work, no permissions. I verified it by trying just typing Code:
pfexec zpool scrub rpool by itself. I could modify the script to remove pfexec instances and then I just need to schedule the script to run as an administrator. Which I don't know how to do. Any ideas / suggestions? |
| Sponsored Links | ||
|
|
#2
01-09-2013
|
|||
|
|||
|
As what user are you trying to execute this command?
If it is regular user, then you must assign appropriate profile to that user account. |
| The Following User Says Thank You to GP81 For This Useful Post: | ||
taltamir (01-09-2013) | ||
| Sponsored Links | ||
|
|
#3
01-09-2013
|
|||
|
|||
|
Code:
pfexec su - root -c 'zpool scrub rpool' pfexec su - root -c 'zpool scrub tank' Change the word root to any suitable admin username. NOTE: cron does not exec /etc/profile nor does it run .profile for the user in question. In other words your environment settings (PATH, etc) in cron are p[robably wrong. For any user. You have to add the environment from inside the script. This one change alone can fix a lot of problems in cron scripts. su - [username] does log the user in correctly. |
| The Following User Says Thank You to jim mcnamara For This Useful Post: | ||
taltamir (01-09-2013) | ||
|
#4
01-09-2013
|
|||
|
|||
|
Quote:
---------- Post updated at 11:19 ---------- Previous update was at 11:06 ---------- Quote:
Quote:
So to clarify, I broke down what I wanted to do into steps; my "project" plan was very simple, merely 2 steps: A. Create file "scrub.sh" which when run starts scrub on all pools. Make a shortcut for it on desktop to double click when I want a scrub. B. Make a cron job to run that file every 2 weeks. I got stuck on part A thus far and never even started on part B. However, my questions in this thread are 2 fold: 1. How do I fix my project so it works. 2. Should I scrap the idea entirely and do something else that actually will work in achieving the goal of automatic scrub every 2 weeks. If so, how and what. Last edited by taltamir; 01-09-2013 at 12:27 PM.. |
| Sponsored Links | |
|
|
#5
01-10-2013
|
|||
|
|||
|
Here is very usefull blog about RBAC and how you can provide root privileges with pfexec. I'm not an author. Less known Solaris features: pfexec - c0t0d0s0.org Less known Solaris features: RBAC and Privileges - c0t0d0s0.org It's about Solaris10. I didn't use RBAC in s11 but as I can see there is no built-in Primary Administrator profile. I think that you can create profile approprite for your needs for example just with zfs command. There is profile related to filesystem management. Code:
root@solaris11:/etc/security/exec_attr.d# grep zfs * core-os:ZFS File System Management:solaris:cmd:RO::/usr/sbin/zfs:euid=0 You can try if they can meet your needs. I have tested and it looks ok for creating zfs filesystem. Code:
user1@solaris11:~$ profiles
Basic Solaris User
All
user1@solaris11:~$ pfexec zfs create pula01/test
cannot create 'pula01/test': permission deniedCode:
root@solaris11 # usermod -P +'ZFS File System Management' user1 Code:
user1@solaris11:~$ profiles
ZFS File System Management
Basic Solaris User
All
user1@solaris11:~$ zfs create pula01/test
cannot create 'pula01/test': permission denied
user1@solaris11:~$ pfexec zfs create pula01/testAnother edit  ZFS File System Management works fine for zfs command but for zpool command you should use different profile: Code:
root@solaris11 # usermod -P +"ZFS Storage Management" user1 And then zpool scrub works fine too
Last edited by GP81; 01-11-2013 at 06:07 AM.. |
| Sponsored Links | ||
|
|
| Thread Tools | Search this Thread |
| Display Modes | |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ZFS - overfilled pool | RychnD | Solaris | 3 | 04-20-2012 03:31 AM |
| zfs pool migration | jac | Solaris | 2 | 07-25-2010 11:32 PM |
| ZFS pool question | mrlayance | Solaris | 6 | 11-09-2009 09:21 AM |
| zfs - migrate from pool to pool | pupp | Infrastructure Monitoring | 3 | 08-14-2009 10:27 AM |
| ZFS Pool Mix-up | blicki | Solaris | 1 | 06-08-2009 01:42 AM |
|
|
Linear Mode
