|
|
Sponsored Content
Operating Systems
Solaris
Permission denied in SMF service log
Post 302352503 by ilikecows on Friday 11th of September 2009 01:51:47 PM
09-11-2009
|
|
10 More Discussions You Might Find Interesting
1. Solaris
Hi Experts,
While playing with smf in my local system ( which is not in production ) i am unable to restart the service svc:/network/nfs/server:default . I tried starting it in different way, however unable to restart the same.
I was checking the dependency for that I disabled the... (11 Replies)
Discussion started by: kumarmani
11 Replies
2. Solaris
I would like to run command whenever system boot up, i.e "/opt/admin/script/closegen -c /opt/share/script/colsehg"
How do I integrate above command in to SMF services.
-sam (1 Reply)
Discussion started by: sam786
1 Replies
3. Solaris
Hello everybody,
I intended to use Apache 2 first time on my S10 U7 box. But the package (V2) is not ok for the developpers and they need 2.2.12 somehow. I removed Apache 1.3 and installed 2.2.12 with the stream package which I downloaded from Sunfreeware.com
It's running perfectly if I start... (2 Replies)
Discussion started by: shadowfaxxxx
2 Replies
4. Infrastructure Monitoring
I'm trying to register & start a service using SMF on Solaris 10. It's nsca, part of the Nagios monitoring system. I've got nsca running fine as a detached process, and can manually create passive checks via send_nsca. But when I try to run nsca as a daemon, I need some advice.
The nsca... (0 Replies)
Discussion started by: lyle
0 Replies
5. Solaris
Hi all,
Is there any way to configure a certain service to be shutdown first via SMF?
Thanks in advance
Eugene (1 Reply)
Discussion started by: srage
1 Replies
6. Solaris
Hi all,
Is there any way to configure a certain service to be shutdown first via SMF?
Thanks in advance
Eugene (2 Replies)
Discussion started by: srage
2 Replies
7. Solaris
I'm running Tibco Hawk (hawkhma and agent) on a number of solaris 10 boxes (both x86 and Sparc).
Tibco Hawk is a monitoring system, that can monitor processs and logs on the OS and applications. It also have the ability to start a process, if it for some reason, have died.
I have implemented... (2 Replies)
Discussion started by: u_paludan
2 Replies
8. Solaris
I need to start a service among the last on a freshly booted system. Via the manifest, I've made it dependent on very milestone on the computer yet the service still comes back with an error that a kstat variable in the kernel does not exist.
I run it right the service process right there... (6 Replies)
Discussion started by: JWH
6 Replies
9. UNIX for Dummies Questions & Answers
when i run echo "User” > /dev/tty5 why do i get permission denied? :confused: (2 Replies)
Discussion started by: chinababy
2 Replies
10. UNIX for Advanced & Expert Users
Hello,
My ntp service goes in maintenance mode in Solaris 11. I do "svcadm clear ntp", the service is back but after 1 minute it crashes but automatically restarted. After the third attempt it goes in maintenance again :
After the clear :
1 minute later it crashes but it is... (2 Replies)
Discussion started by: bob74350
2 Replies
LEARN ABOUT V7
smf_security
smf_security(5) Standards, Environments, and Macros smf_security(5) NAME
smf_security - service management facility security behavior DESCRIPTION
The configuration subsystem for the service management facility, smf(5), requires privilege to modify the configuration of a service. Priv- ileges are granted to a user by associating the authorizations described below to the user through user_attr(4) and prof_attr(4). See rbac(5). The following authorization is used to manipulate services and service instances. solaris.smf.modify Authorized to add, delete, or modify services, service instances, or their properties. Property Group Authorizations The smf(5) configuration subsystem associates properties with each service and service instance. Related properties are grouped. Groups may represent an execution method, credential information, application data, or restarter state. The ability to create or modify property groups can cause smf(5) components to perform actions that may require operating system privilege. Accordingly, the framework requires appropriate authorization to manipulate property groups. Each property group has a type corresponding to its purpose. The core property group types are method, dependency, application, and frame- work. Additional property group types can be introduced, provided they conform to the extended naming convention in smf(5). The following basic authorizations, however, apply only to the core property group types: solaris.smf.modify.method Authorized to change values or create, delete, or modify a property group of type method. solaris.smf.modify.dependency Authorized to change values or create, delete, or modify a property group of type dependency. solaris.smf.modify.application Authorized to change values or create, delete, or modify a property group of type application. solaris.smf.modify.framework Authorized to change values or create, delete, or modify a property group of type framework. solaris.smf.modify Authorized to add, delete, or modify services, service instances, or their properties. Property group-specific authorization can be specified by properties contained in the property group. modify_authorization Authorizations allow the addition, deletion, or modification of properties within the property group. value_authorization Authorizations allow changing the values of any property of the property group except modify_authorization. The above authorization properties are only used if they have type astring. If an instance property group does not have one of the proper- ties, but the instance's service has a property group of the same name with the property, its values are used. Service Action Authorization Certain actions on service instances may result in service interruption or deactivation. These actions require an authorization to ensure that any denial of service is a deliberate administrative action. Such actions include a request for execution of the refresh or restart methods, or placement of a service instance in the maintenance or other non-operational state. The following authorization allows such actions to be requested: solaris.smf.manage Authorized to request restart, refresh, or other state modification of any service instance. In addition, the general/action_authorization property can specify additional authorizations that permit service actions to be requested for that service instance. The solaris.smf.manage authorization is required to modify this property. Defined Rights Profiles Two rights profiles are included that offer grouped authorizations for manipulating typical smf(5) operations. Service Management A service manager can manipulate any service in the repository in any way. It corresponds to the solaris.smf.manage and solaris.smf.modify authorizations. The service management profile is the minimum required to use the pkgadd(1M) or pkgrm(1M) commands to add or remove software packages that contain an inventory of services in its service manifest. Service Operator A service operator has the ability to enable or disable any service instance on the system, as well as request that its restart or refresh method be executed. It corresponds to the solaris.smf.manage and solaris.smf.modify.framework authorizations. Sites can define additional rights profiles customized to their needs. Remote Repository Modification Remote repository servers may deny modification attempts due to additional privilege checks. See NOTES. SEE ALSO
auths(1), profiles(1), pkgadd(1M), pkgrm(1M), prof_attr(4), user_attr(4), rbac(5), smf(5) NOTES
The present version of smf(5) does not support remote repositories. SunOS 5.10 2 Dec 04 smf_security(5)