The post discusses the steps to delegate the management of an SMF service to a non-root user. For example, a non-root user wants to manage the SMF service for tomcat. Follow the steps below to delegate tomcat service management to a non-root user.
Delegate SMF management to non-root user
1. Add the following entry to file /etc/security/auth_attr
solaris.smf.value.tomcat:::Value tomcat Service for user01:: solaris.smf.manage.tomcat:::Manage tomcat Service for user01::
2. Add general/value_authorization and general/action_authorization to the properties of the SMF service:
# svccfg -s application/tomcat setprop general/value_authorization = astring: solaris.smf.value.tomcat # svccfg -s application/tomcat setprop general/action_authorization = astring: solaris.smf.manage.tomcat
3. Refresh the tomcat service.
# svcadm refresh application/tomcat
4. Add solaris.smf.value.tomcat authorization to user user01.
# usermod -A solaris.smf.manage.tomcat,solaris.smf.value.tomcat user01
5. Verify if you can now manage the tomcat service with the user user01.