[OpenIndiana-discuss] Zone Privileges for a Normal User

Ignacio Marambio Catán darkjoker at gmail.com
Sat Nov 5 13:49:14 UTC 2011


http://trochejen.blogspot.com/2010/06/zones-delegated-administration.html

On Fri, Nov 4, 2011 at 8:21 PM, Deniz Rende <deniz.rende at gmail.com> wrote:
> Hello,
>
> I am using OpenIndiana 151a server edition in VirtualBox.
>
> root at oi151a:~# uname -a
> SunOS oi151a 5.11 oi_151a i86pc i386 i86pc Solaris
>
> I have the following zones in the system:
>
> root at oi151a:~# zoneadm list -civ
>  ID NAME             STATUS     PATH                           BRAND    IP
>   0 global           running    /                              ipkg     shared
>   1 zdev             running    /zones/zdev                    ipkg     shared
>   2 zdev2            running    /zones/zdev2                   ipkg     shared
>
> I have a user called macuser1 with the following auths and profiles:
>
> macuser1 at oi151a:~$ auths
> solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read,solaris.zone.login/zdev2,solaris.zone.manage/zdev2
>
>
> macuser1 at oi151a:~$ profiles
> Zone Management
> ZFS File System Management
> Basic Solaris User
> All
>
> What I am trying to do is to dedicate the zdev2 zone to macuser1 but
> also let this user manage it.
>
> I got the first part successfully:
>
> macuser1 at oi151a:~$ pfexec zlogin zdev2
> [Connected to zone 'zdev2' pts/3]
> Last login: Fri Nov  4 17:22:49 on pts/3
> OpenIndiana (powered by illumos)    SunOS 5.11    oi_151a    September 2011
> root at zdev2:~#
>
> and as intended the user is not able to login to zdev zone:
>
> macuser1 at oi151a:~$ pfexec zlogin zdev
> zlogin: macuser1 is not authorized  to login to zdev zone.
>
> which is good, but I can't get the user to configure its own zone, i.e.:
>
> macuser1 at oi151a:~$ pfexec zonecfg -z zdev2
> WARNING: you do not have write access to this zone's configuration file;
> going into read-only mode.
> zonecfg:zdev2>exit
>
> which is giving me read-only mode.
>
> How do I let this user manage (i.e. use zonecfg) the zdev2 zone? I
> appreciate the feedback.
>
> Regards,
>
> Deniz Rende