Hi I would have thought that webservd is the one user that you definitely do NOT want to be able to control the SMF edit the config files or anything else that might affect the service.
Anthony.Worrall at Reading.ac.uk > -----Original Message----- > From: webstack-discuss-bounces at opensolaris.org [mailto:webstack-discuss- > bounces at opensolaris.org] On Behalf Of Jyri Virkki > Sent: 01 November 2007 00:11 > To: Seema Alevoor > Cc: security-discuss at opensolaris.org; Webstack Discuss > Subject: Re: [webstack-discuss] [security-discuss] Apache 2.2 > Servicemanagement using RBAC > > Seema Alevoor wrote: > > > > I'm trying to use RBAC for Apache 2.2 service management. > > I did the following changes. Please let me know if this is the right > > approach ? > > I have also attached the diffs of the files modified. Kindly review. > > > > Apache2 in SFW is configured to run as "webservd" user. To enable this > user > > to manage the Apache service, > > Does webservd user need to be able to manage the apache smf service? > > While that's the runtime uid of the apache process, I didn't expect > users to log in as webservd to run "svcadm enable apache22", or do they? > > > -- > Jyri J. Virkki - jyri.virkki at sun.com - Sun Microsystems > _______________________________________________ > webstack-discuss mailing list > webstack-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/webstack-discuss
