home about contact feed
vagra vaBlo
C++(7) Solaris(4) tntnet(3) vi(3) Linux(2) DeleGate(2) Postgres(2) proxy(2) cxxtools(1) regex(1) readline(1) dtrace(1) gcc(1) MeeGo(1) ssh(1) firefox(1)

Running SMF Services as non-root user

non-root SMF service

Many services doesn't require to run as root. Traditionally most services do start as root and just drop their privileges. With Solaris (>=10) you don't need that anymore, you can start services directly as user from the SMF.

Some Services like Webserver need "root privileges" at start to bind port 80 for example. However, in Solaris there are no "root privileges". There are many privileges now, one privilege called "net_privaddr" is excactly the privilege a Webserver will need to bind port 80, so there is no need to give all privileges a root user normaly have to the webserver.

        exec='/usr/local/bin/tntnet -c /var/tntnet/tntnet.conf'
            <method_credential user='tntnet' group='tntnet' privileges='basic,net_privaddr'/>

This is an example from my tntnet SMF manifest, you can download the full manifest here.

Write comment