Seema Alevoor wrote: > Hi, > > I'm trying to use RBAC for Apache 2.2 service management. > I did the following changes. Please let me know if this is the right > approach ? > I have also attached the diffs of the files modified. Kindly review. > > Apache2 in SFW is configured to run as "webservd" user. To enable this > user to manage the Apache service, > - added Apache2 specific authorization > (solaris.smf.value.http/apache22, solaris.smf.manage.http/apache22) to > auth_attr file. > - modified user_attr file to assign the authorization to the user > "webservd" > - added auths to prof_attr file. > - added general/value_authorization, general/action_authorization and > http/value_authorization smf properties to http-apache2.xml . > Hi,
I tried these settings for myself (user ludo) to see if it would work. I had to add via the User/Groups UI the "apache22" privilege. After this, the user_attr file was modified as follow: ludo::::type=normal;profiles=Apache 22 Administration,Basic Solaris User;auths=solaris.smf.manage.http/apache22,solaris.smf.value.http/apache22 When I start Apache via svcadm, it is started, but with an error in the log and pages are not accessible: Log file: [Mon Nov 05 10:08:28 2007] [notice] Digest: generating secret for digest authentication ... [Mon Nov 05 10:08:28 2007] [notice] Digest: done [Mon Nov 05 10:08:28 2007] [error] (2)No such file or directory: could not create /var/run/apache2/2.2/httpd.pid [Mon Nov 05 10:08:28 2007] [error] httpd: could not log pid to file /var/run/apache2/2.2/httpd.pid To have the pages accessible, I had to login as root and create this missing directory: /var/run/apache2/2.2 Without a server restart, the index.hml page became available... Not sure what is the root cause of this. Thanks for some help, Ludo > > Thanks and Regards, > Seema. > ------------------------------------------------------------------------ > > _______________________________________________ > webstack-discuss mailing list > webstack-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/webstack-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/webstack-discuss/attachments/20071105/850d323f/attachment.html>
