|SMF_SECURITY(7)||Standards, Environments, and Macros||SMF_SECURITY(7)|
The following authorization is used to manipulate services and service instances.
Each property group has a type corresponding to its purpose. The core property group types are method, dependency, application, and framework. Additional property group types can be introduced, provided they conform to the extended naming convention in smf(7). The following basic authorizations, however, apply only to the core property group types:
Property group-specific authorization can be specified by properties contained in the property group.
The above authorization properties are only used if they have type astring. If an instance property group does not have one of the properties, but the instance's service has a property group of the same name with the property, its values are used.
Administrative domains with policies that prohibit backup of data considered sensitive should exclude the SMF repository databases from their backups. In the face of such a policy, non-protected property values can be backed up by using the svccfg(8) archive command to create an archive of the repository without protected property values.
In addition, the general/action_authorization property can specify additional authorizations that permit service actions to be requested for that service instance. The solaris.smf.manage authorization is required to modify this property.
Sites can define additional rights profiles customized to their needs.
When a service is configured to be started as root but with privileges different from limit_privileges, the resulting process is privilege aware. This can be surprising to developers who expect seteuid(<non-zero UID>) to reduce privileges to basic or less.
|May 13, 2017||OmniOS|