
Running SMF Services as non-root user

non-root SMF service

Many services don't need to run as root. Traditionally, most services start as root and then drop their privileges. With Solaris (>=10) that is no longer necessary: you can start a service directly as an unprivileged user from the SMF.

Some services, such as a web server, need "root privileges" at start, for example to bind port 80. However, in Solaris there are no "root privileges" as such. There are many separate privileges instead, and one of them, "net_privaddr", is exactly the privilege a web server needs to bind port 80, so there is no need to give the web server all the privileges a root user normally has.

    <exec_method 
        type='method' 
        name='start'
        exec='/usr/local/bin/tntnet -c /var/tntnet/tntnet.conf'
        timeout_seconds='60'>
        <method_context>
            <method_credential user='tntnet' group='tntnet' privileges='basic,net_privaddr'/>
        </method_context>
    </exec_method>

This is an example from my tntnet SMF manifest; you can download the full manifest here.
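To check a manifest for methods that still run with more than they need, the following added example (not part of the original post or of tntnet) parses a manifest and flags any `exec_method` whose nearest `method_credential` is missing, names root, or grants `all`/`zone`. The sample manifest is constructed, the `refresh` method and its script path are hypothetical, and the script assumes that a method without a `method_credential` runs as root with all privileges.

```python
import xml.etree.ElementTree as ET
# Constructed sample manifest: 'start' mirrors the snippet in the post;
# the 'refresh' method and its script path are hypothetical.
SAMPLE_MANIFEST = """\
<service_bundle type='manifest' name='tntnet'>
  <service name='network/tntnet' type='service' version='1'>
    <exec_method type='method' name='start'
        exec='/usr/local/bin/tntnet -c /var/tntnet/tntnet.conf'
        timeout_seconds='60'>
      <method_context>
        <method_credential user='tntnet' group='tntnet' privileges='basic,net_privaddr'/>
      </method_context>
    </exec_method>
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'/>
    <exec_method type='method' name='refresh'
        exec='/usr/local/bin/tntnet-reload' timeout_seconds='60'/>
  </service>
</service_bundle>
"""

def audit_manifest(xml_text):
    """Return {method name: [findings]}; an empty list means nothing to flag."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    report = {}
    for method in root.iter("exec_method"):
        if method.get("exec", "").startswith(":"):
            continue  # built-in tokens such as :kill run no program of their own
        # Nearest method_context wins: the method's own, then instance or service.
        node, cred = method, None
        while node is not None and cred is None:
            cred = node.find("method_context/method_credential")
            node = parent_of.get(node)
        findings = []
        if cred is None:
            findings.append("no method_credential (assumed: root, all privileges)")
        else:
            privs = {p.strip() for p in cred.get("privileges", "").split(",")}
            if cred.get("user") in (None, "root", "0"):
                findings.append("runs as root")
            if privs & {"all", "zone"}:
                findings.append("full privilege set granted")
        report[method.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

On the sample, `start` comes back clean and `refresh` is flagged because nothing restricts it.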
