Management Access Rights from non-global Zone

We have a Sun Cluster 3.2 on Solaris 10. The Managed Resources are Solaris Zones:

e.g. Resgroup xx

- xx-hasp (Storage for the Zone Root)

- xx-lh (the Service Address for the zone)

- xx-sczbt (the Zone boot Resource)

- xx-sczsmf (a managed SMF Service in the Zone)

How do I allow an arbitrary non-root user or group inside the zone xx to disable the monitor of the resource xx-sczsmf so he can, for example, perform maintenance on it?

I have a few restrictions:

- the user has no account in the global zone

- the user may be allowed to manage all resources which belong to his zone

- the user is not allowed to manage any resource of another zone.

I guess solaris.cluster.resource.admin will not do the trick :-(

Fritz

[805 byte] By [Tom_Tigera] at [2007-11-26 22:32:08]
# 1
Provide a role on the global zone that either performs a specific function on a specific zone or allows the user a menu of choices at login. That seems the only way open to me.

Tim
Tim.Reada at 2007-7-10 11:38:11
# 2

Well, seems I have to use the same 'hack' I used for a SC 3.1.

Create a user in the global zone which has exactly the allowed rights (with a Role).

Assign it a public key.

Give the users who are allowed to perform this operation the matching private key, so they can execute the command over ssh in the global zone.

Not very elegant, but fulfills all my requirements.

Tom_Tigera at 2007-7-10 11:38:12
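
The SSH arrangement from post #2, with the shared key pinned to a forced command in the global zone so that it can only toggle monitoring on resources of zone xx. This is an added example, not part of the original thread: the wrapper path, the `validate_request` helper and the rule that all resources of a zone share the `xx-` name prefix are assumptions, and the account is assumed to already hold the cluster rights the post describes.

```shell
#!/usr/xpg4/bin/sh
# Added example: forced-command wrapper for the restricted global-zone account.
# Hypothetical authorized_keys entry (one line; path and key are placeholders):
#   command="/opt/local/bin/zone-res-wrapper xx",no-pty,no-port-forwarding,
#   no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> zone-xx
# Assumption: every resource of zone xx is named "xx-<name>", as in the question.
LC_ALL=C; export LC_ALL
CLRESOURCE=/usr/cluster/bin/clresource

# validate_request <zone-prefix> <requested command line>
# Prints "<action> <resource>" and returns 0 when allowed, returns 1 otherwise.
validate_request() {
    prefix=$1
    request=$2
    [ -n "$prefix" ] || return 1

    set -f                      # no filename expansion while splitting
    set -- $request             # split on whitespace only
    set +f
    [ $# -eq 2 ] || return 1    # exactly: <action> <resource>

    case $1 in
        monitor|unmonitor) ;;   # the only clresource subcommands permitted
        *) return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9_-]*) return 1 ;;   # no metacharacters, commas or '+'
    esac
    case $2 in
        "$prefix"-?*) ;;        # must carry this zone's prefix, so never an option
        *) return 1 ;;
    esac
    printf '%s %s\n' "$1" "$2"
}

# Runs only when sshd started this script as the key's forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if args=$(validate_request "$1" "$SSH_ORIGINAL_COMMAND"); then
        logger -p auth.notice "zone-res-wrapper[$1]: allowed: $args"
        exec "$CLRESOURCE" $args
    fi
    logger -p auth.warning "zone-res-wrapper[$1]: denied: $SSH_ORIGINAL_COMMAND"
    echo "request denied" >&2
    exit 1
fi
```

Because the check is by name prefix, zone prefixes must not nest: a zone named xx-2 would have resources that also match the prefix xx.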