SUMMARY: REF:multiple oracle instances with projects and svcadm

From: Jonathan Birchall <Jonathan.Birchall_at_Xchanging.com>
Date: Mon May 21 2007 - 03:54:40 EDT
Thanks to William for the solution below.


Assuming you want all the DBAs to be able to stop/start all instances
In your SMF manifest, add a definition like this:

   <!-- to start/stop oracle -->
         <property_group name='general' type='framework'>
                 <propval name='action_authorization' type='astring'
                         value='solaris.smf.manage.oracle' />
                 <propval name='value_authorization' type='astring'
                         value='solaris.smf.manage.oracle' />
         </property_group>


Then add a line like:
solaris.smf.manage.oracle:::Manage Oracle Service States::

to /etc/security/auth_attr

and modify the appropriate accounts to have the
solaris.smf.manage.oracle authorization

usermod -A solaris.smf.manage.oracle  $user

when the user logs in again, they should have the ability to enable/
disable (permanently or temporarily)
the SMF services you modified.

If you wanted to have different DBAs able to modify different
instances, then make an authorization for each instance, like:
solaris.smf.manage.oracle.instance1
solaris.smf.manage.oracle.instance2

and assign those.

--
William D. Hathaway    email: william.hathaway@versatile.com
Solutions Architect        aim:   wdhPO
Versatile, Inc.                 cell:  717-314-5461




On May 18, 2007, at 3:46 AM, Jonathan Birchall wrote:

> Hello,
>
>
>
> I have built a sunfire v445 on which 3 seperate instances of oracle
> 10g
> are running. These are started by the SMF under different projects,
> however I have coming up against a mental block as to have the oracle
> user start these in thier respective projects using svcadm.
>
>
>
> I can configure the oracle users as a role and allow them service
> manager rights but this does not allow the granularity required as the
> oracle role then appears to be able to have full svcadm rights. I do
> trust my DBA's but not that much.
>
>
>
> Has anyone done this, or could point me in the direction of a good
> document which shows the project side of things. I have read the sun
> blue print on starting apache as a non root user but this doesn't seem
> to cover what I need, that or I dont quiet grasp the finer points.
>
>
>
> Regards
>
> Jonathan
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon May 21 03:55:14 2007

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:05 EST