1

Ok, so we have a product which runs a daemon as root, which can communicate over TCP sockets and read / write files. This works fine in Solaris 10, but when we ported it across to Solaris 11, a load of write errors occur.

That is to say, the socket communication is fine (Firewall is disabled), and the product can read all the files we need. I noted that in Solaris 11, the root user is disabled, and instead you have to run as the root "role". I am wondering whether this is what is causing the problem; that instead of using su or sudo to start the daemon, we need to do some other setup beforehand.

Is there anyone with experience in Solaris 11, RBAC, etc. who could shed some light on what could be going wrong?

Rsaesha
  • You need to post more information about exactly what problems are occurring. Do you have logs that show errors? The root 'role' account is generally permitted to do pretty much anything the 'root' user can do, except log in. I would encourage you to look into RBAC a little more, and use it to create a profile specifically to provide the privileges and authorizations that your application needs, to enable you to run it as a non-root user. I've been running Oracle, Sun Cluster, Apache, MySQL, and other applications under RBAC for several years, and I can tell you, it's eminently possible. – Tim Kennedy Nov 04 '11 at 03:59

1 Answer

1

Is the daemon fiddling with privileges? Have you tried to run the daemon with privilege debug enabled? Note that if you remove certain privileges, you need to start with "basic"; over time, the set of basic privileges will grow and current unprivileged operations will start to need a new basic privilege; in Solaris 11 we have added file_write, file_read and net_access as basic privileges. Missing the file_write privilege will cause the symptom you have described.

Casper Dik
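A way to check a running daemon for the symptom described in the answer above, as an added example that is not part of the original post: it parses `ppriv -v <pid>` output and reports which of the three basic privileges named in the answer are absent from a privilege set. The sample output, PID and daemon path are constructed, and the handling of wrapped continuation lines is an assumption about the output layout.

```python
import re

# Basic privileges the answer says Solaris 11 added.
S11_NEW_BASIC = ("file_read", "file_write", "net_access")

# Constructed sample of `ppriv -v <pid>` output (PID, path and sets are made up).
SAMPLE = (
    "4242:\t/opt/example/sbin/exampled\n"
    "flags = <none>\n"
    "\tE: file_link_any,file_read,net_access,net_privaddr,\n"
    "\t   proc_exec,proc_fork,proc_info,proc_session\n"
    "\tI: basic\n"
    "\tP: all\n"
    "\tL: all\n"
)


def parse_ppriv(text):
    """Return {'E': [...], 'I': [...], 'P': [...], 'L': [...]} as token lists."""
    sets, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([EIPL]):\s*(.*)", line)
        if m:
            current, rest = m.group(1), m.group(2)
            sets[current] = []
        elif current and line[:1].isspace():
            rest = line  # assumed: wrapped lists continue on indented lines
        else:
            continue
        sets[current] += [t for t in re.split(r"[,\s]+", rest) if t]
    return sets


def missing_new_basic(text, which="E"):
    """List the Solaris 11 basic privileges absent from one privilege set."""
    tokens = parse_ppriv(text).get(which, [])
    denied = {t[1:] for t in tokens if t.startswith("!")}
    granted = {t for t in tokens if not t.startswith("!")}
    # Keywords that stand for a whole set which includes the basic privileges.
    wildcard = granted & {"all", "basic", "zone"}
    return [p for p in S11_NEW_BASIC
            if p in denied or (p not in granted and not wildcard)]


if __name__ == "__main__":
    for s in "EIP":
        print(s, "missing:", missing_new_basic(SAMPLE, s) or "none")
```

An effective set that lacks `file_write` while `file_read` and `net_access` are present matches the question's symptom: reads and sockets work, writes fail.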