[SOLVED] Running Java Application with Solaris SMF as Non-Root User

Running Java Application with Solaris SMF as Non-Root User

I am running my application with Solaris SMF as Non Root user, i followed below steps

1- Create file like following

    <?xml version='1.0'?>
    <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
    <service_bundle type="manifest" name="myapp">
         <service name="application/management/myapp" type="service" version="1">
    <create_default_instance enabled="false" />
    <single_instance />
    <dependency name="multi-user-server" type="service" grouping="require_all" restart_on="none">
    <service_fmri value="svc:/milestone/multi-user-server" />
    </dependency>             
    <exec_method type="method" name="start"     exec="/opt/bin/myapp.sh start" timeout_seconds="-1">
    <method_context>
       <method_credential user='myuser' group='other' />
           <method_environment>
    <envvar name='PATH' value='/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/sfw/bin' />
    <envvar name='JAVA_HOME' value='/usr/java/' />
       </method_environment>
    </method_context>
    </exec_method>

    <exec_method type="method" name="stop"      exec="/opt/bin/myapp.sh stop" timeout_seconds="-1">
    <method_context>
    <method_credential user='myuser' group='other' />
      <method_environment>
    <envvar name='PATH' value='/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/sfw/bin' />
    <envvar name='JAVA_HOME' value='/usr/java/' />
      </method_environment>
    </method_context>
    </exec_method>

    <property_group name='start' type='method'>
    <propval name='action_authorization' type='astring' value='solaris.smf.manage.myapp'      />
    <propval name='modify_authorization' type='astring' value='solaris.smf.manage.myapp' />
    <propval name='value_authorization'  type='astring'  value='solaris.smf.manage.myapp' />
    </property_group>
    <property_group name='stop' type='method'>
    <propval name='action_authorization' type='astring' value='solaris.smf.manage.myapp'  />
    <propval name='modify_authorization' type='astring' value='solaris.smf.manage.myapp'   />
    <propval name='value_authorization'  type='astring' value='solaris.smf.manage.myapp'  />
    </property_group>
    <property_group name='general' type='framework'>
    <propval name='action_authorization' type='astring' value='solaris.smf.manage.myapp' />
    <propval name='value_authorization'  type='astring' value='solaris.smf.manage.myapp' />
    <propval name='modify_authorization' type='astring' value='solaris.smf.manage.myapp' />
    </property_group>
    <stability value="Unstable" />
    <template>
    <common_name>
    <loctext xml:lang='C'>My Application</loctext>
    </common_name>
    </template>
         </service>
    </service_bundle>

2- svccfg validate myapp-smf.xml

3- Add line in /etc/security/auth_attr solaris.smf.manage.myapp:::MyApp Management::

4- usermod -A solaris.smf.manage.myapp myuser(make sure myuser is not logged in)

5- svccfg import /opt/smf/myapp-smf.xml

Now logged as myuser and verify/start/stop application with following commands

svcs -l myapp

svcadm enable myapp
svcadm disable myapp

Now problem is next day when i try to enable/disable from my user i got permission denied error.

I run again usermod -A solaris.smf.manage.myapp myuser, and it start working, i am looking for permanent fix.

Regards

Solution

usermod -A solaris.smf.manage.* myuser will solve the problem