On Tue, 23 Sep 2008, Darren J Moffat wrote:
> Run the "service" with the file_chown privilege. See privileges(5),
> rbac(5) and if it runs as an SMF service smf_method(5).
Thanks for the pointer. After reviewing this documentation, it seems that
file_chown_self is the best privilege to delegate,

Paul B. Henson wrote:
> What would be the best way to allow the service account to chown the newly
> created ZFS filesystem to the appropriate user? Right now I'm tentatively
> thinking of making a small suid root binary only executable by the service
> account which would take a username and chown

So I've been playing with SXCE in anticipation of the release of S10U6
(which last I heard has been delayed until sometime in October :( ) seeing
how I might integrate our identity management system and ZFS provisioning
using a minimum privileges service account.
I need to be able to create files