Assigning access to any user to start Nginx
Below are the steps needed to a user that will be allowed to start Nginx with the Solaris SMF system.
Add to /etc/user_attr
1 |
nginx::::auths=solaris.smf.manage.nginx |
Or just run
1 |
usermod -A solaris.smf.manage.nginx nginx |
Add to /etc/security/auth_attr.d/local-entries
1 |
solaris.smf.manage.nginx:::enable, disable and refresh nginx:: |
Create the service
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> <service_bundle type='manifest' name='export'> <service name='network/cswnginx' type='service' version='0'> <single_instance/> <dependency name='fs' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/system/filesystem/local'/> </dependency> <dependency name='net' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/network/loopback'/> </dependency> <exec_method name='start' type='method' exec='/var/opt/csw/svc/method/svc-cswnginx start' timeout_seconds='120'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='modify_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.nginx'/> </exec_method> <exec_method name='stop' type='method' exec='/var/opt/csw/svc/method/svc-cswnginx stop' timeout_seconds='60'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='modify_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.nginx'/> </exec_method> <exec_method name='restart' type='method' exec='/var/opt/csw/svc/method/svc-cswnginx restart' timeout_seconds='180'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='modify_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.nginx'/> </exec_method> <exec_method name='refresh' type='method' exec='/var/opt/csw/svc/method/svc-cswnginx refresh' timeout_seconds='60'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='modify_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.nginx'/> </exec_method> <property_group name='general' type='framework'> <propval name='action_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='modify_authorization' type='astring' value='solaris.smf.manage.nginx'/> <propval name='value_authorization' type='astring' value='solaris.smf.manage.nginx'/> </property_group> <instance name='default' enabled='false' complete='true'> <property_group name='general' type='framework'> <propval name='package' type='astring' value='CSWnginx'/> </property_group> </instance> </service> </service_bundle> |
Leave a Reply