[OpenIndiana-discuss] Zone Privileges for a Normal User

Deniz Rende deniz.rende at gmail.com
Fri Nov 4 23:21:15 UTC 2011


Hello,

I am using OpenIndiana 151a server edition in VirtualBox.

root@oi151a:~# uname -a
SunOS oi151a 5.11 oi_151a i86pc i386 i86pc Solaris

I have the following zones in the system:

root@oi151a:~# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              ipkg     shared
   1 zdev             running    /zones/zdev                    ipkg     shared
   2 zdev2            running    /zones/zdev2                   ipkg     shared

I have a user called macuser1 with the following auths and profiles:

macuser1@oi151a:~$ auths
solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read,solaris.zone.login/zdev2,solaris.zone.manage/zdev2

macuser1@oi151a:~$ profiles
Zone Management
ZFS File System Management
Basic Solaris User
All

What I am trying to do is to dedicate the zdev2 zone to macuser1 but
also let this user manage it.

I got the first part successfully:

macuser1@oi151a:~$ pfexec zlogin zdev2
[Connected to zone 'zdev2' pts/3]
Last login: Fri Nov  4 17:22:49 on pts/3
OpenIndiana (powered by illumos)    SunOS 5.11    oi_151a    September 2011
root@zdev2:~#

and, as intended, the user is not able to log in to the zdev zone:

macuser1@oi151a:~$ pfexec zlogin zdev
zlogin: macuser1 is not authorized  to login to zdev zone.

which is good, but I can't get the user to configure its own zone, i.e.:

macuser1@oi151a:~$ pfexec zonecfg -z zdev2
WARNING: you do not have write access to this zone's configuration file;
going into read-only mode.
zonecfg:zdev2>exit

which is giving me read-only mode.

How do I let this user manage (i.e., use zonecfg) the zdev2 zone? I
appreciate the feedback.

Regards,

Deniz Rende

