This content has been marked as final. Show 10 replies
Thanks. That solved 3 (it seems), but 1) and 2) are still there unfortunately.
Oh wait, it seems it is not working, after all
This one does:
bronto@isaiah:~$ pfexec svcadm restart svc:/network/smtp:sendmail
This one doesn't
bronto@isaiah:~$ pfexec touch /this
touch: cannot create /this: Permission denied
But this actually does:
bronto@isaiah:~$ sudo touch /this
Edited by: 897943 on 18-nov-2011 4.55
That is working as expected. The 'System Administrator' profile doesn't give you the ability to run touch with elevated privileges. If you want to do that then use su eg su root -c 'touch /this' or as you did use sudo. I realise this is different to what the old 'Primary Administrator' profile did but what it did was far too much without authentication.
Also you shouldn't need the pfexec in front of svcadm since SMF checks authorisations and the 'System Administrator' that is directly assigned has those authorisations because it includes the 'Service Operator' profile.
I checked the Release Notes for Solaris 11 once again, and apparently there is no more information. So, my questions 1) and 2) are still open.
I would like to have a pointer to some documentation that explains how to solve 1) and 2) in Solaris 11, and also something about how the behaviour of pfexec (and other pf* commands) changed.
Does anyone have some?
Thanks in advance
The behaviour of pfexec has actually not changed (the implementation has but that isn't what you are seeing). What has changed is the profiles that are assigned to the initial user and the fact that we have removed the all (too) powerful 'Primary Administrator' profile. Follow the pointers in the Security section of the Solaris 10 to Solaris 11 transition guide: http://docs.oracle.com/docs/cd/E23824_01/html/E24456/rights-1.html#scrolltoc
For the networking configuration issues again the Solaris 10 to Solaris 11 transition guide is a good starting point: http://docs.oracle.com/docs/cd/E23824_01/html/E24456/network-1.html#scrolltoc specifically for automatic mode this section: http://docs.oracle.com/docs/cd/E23824_01/html/E24456/glncz.html#scrolltoc
For the DHCP and DNS interaction the best reference I can point you to is http://docs.oracle.com/docs/cd/E23824_01/html/821-1453/dhcptm-1.html#scrolltoc which is the DHCP section of the Solaris 11 networking documentation. I don't know if it has the answer to your question or not, if you need more then maybe log a support ticket with Oracle.
I finally solved everything.
Regarding the network profile, you can't switch to the Automatic by hand, as it is a system profile. But it will switch to that if you disable the User profile. To switch to the NoNet profile, well, you unplug the network cable :)
DHCP was a hell. I did a lot of efforts using the documentation you pointed me to, but with no success. Other recipes I found on the internet didn't have more success than that. Two were the main problems:
1) the file /etc/hostname.+interface+ is no more used by dhcpagent, but that you will see only if you start logging the daemon facility at the appropriate level...
2) the automatic network configuration always gets in the way, and doesn't let you do what you want
To be able to properly reconfigure the network and be able to have dynamic dns work with dhcp, I had to reconfigure the system using
and select "none" for the network configuration. At that point, I was able to run the ipadm commands for the task:
ip create-ip bge0
ipadm create-addr -T dhcp -h isaiah bge0/v4 # configures IPv4 address
ipadm create-addr -T addrconf bge0/v6 # configures IPv6
These settings are preserved upon reboot. Plus, the dynamic dns update is now working. So, I'd say this is finally solved.
You didn't need to unconfigure and configure again, you can transition to using ipadm by setting Manual Mode networking.
This is documented here: http://docs.oracle.com/cd/E23824_01/html/E24456/gliyc.html
To manually configure the network by using the dladm and ipadm commands, the DefaultFixed NCP must be active (online) after the
installation or upgrade. Use the netadm command to verify which NCP is currently active on your system. See Example 7-1.
If the DefaultFixed NCP is not active, you will need to enable it before you can manually configure the network. See Example 7-2.
Where Example 7-2 is:
$ netadm enable -p ncp DefaultFixed
We're sorry, the page you requested was not found.
We have recorded this error (404) to help us fix the problem.
You may wish to try again using one of the tools below.
Back to Previous Page
Software Download Index
To search for your page, try our Search function.
RSS | Legal Notices and Terms for Use | Privacy Statement
I've since talked to the docs maintainer, all of your links had an extraneous docs in the path:
I think these links should be corrected in the original thread but I was told not to.