Tuesday, July 8, 2014

Running Java Application with Solaris SMF as Non-Root User

Sample SMF manifes file

<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type="manifest" name="myapp">
         <service name="application/management/myapp" type="service" version="1">
                 
<!-- Initial state of the service is disabled -->
<create_default_instance enabled="false" />
 
<single_instance />
                 
<dependency name="multi-user-server" type="service" grouping="require_all" restart_on="none">
    <service_fmri value="svc:/milestone/multi-user-server" />
</dependency>
                 
<exec_method type="method" name="start"     exec="/opt/bin/myapp.sh start" timeout_seconds="-1">
    <method_context>
       <method_credential user='myuser' group='other' />
           <method_environment>
  <envvar name='PATH' value='/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/sfw/bin' />
  <envvar name='JAVA_HOME' value='/usr/java/' />
       </method_environment>
   </method_context>
</exec_method>
                          
<exec_method type="method" name="stop"      exec="/opt/bin/myapp.sh stop" timeout_seconds="-1">
  <method_context>
  <method_credential user='myuser' group='other' />
      <method_environment>
<envvar name='PATH' value='/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/sfw/bin' />
<envvar name='JAVA_HOME' value='/usr/java/' />
      </method_environment>
 </method_context>
 </exec_method>
                 
<property_group name='start' type='method'>
<propval name='action_authorization' type='astring' value='solaris.smf.manage.myapp' />
<propval name='modify_authorization' type='astring' value='solaris.smf.manage.myapp' />
<propval name='value_authorization'  type='astring'  value='solaris.smf.manage.myapp' />
</property_group>
<property_group name='stop' type='method'>
<propval name='action_authorization' type='astring' value='solaris.smf.manage.myapp' />
<propval name='modify_authorization' type='astring' value='solaris.smf.manage.myapp' />
<propval name='value_authorization'  type='astring' value='solaris.smf.manage.myapp' />
</property_group>
<property_group name='general' type='framework'>
<propval name='action_authorization' type='astring' value='solaris.smf.manage.myapp' />
<propval name='value_authorization'  type='astring' value='solaris.smf.manage.myapp' />
<propval name='modify_authorization' type='astring' value='solaris.smf.manage.myapp' />
                  </property_group>
 
                 <stability value="Unstable" />
 
                 <template>
                          <common_name>
                                   <loctext xml:lang='C'>My Application</loctext>
                          </common_name>
                 </template>
         </service>
</service_bundle>

Now perform following steps from root users
  • svccfg validate myapp-smf.xml
  • Add line in /etc/security/auth_attr solaris.smf.manage.myapp:::MyApp Management::
  • usermod -A solaris.smf.manage.myapp myuser(make sure myuser is not logged in)
  • svccfg import /opt/smf/myapp-smf.xml
Now logged as myuser and verify/start/stop application with following commands
svcs -l myapp
svcadm enable myapp
svcadm disable myapp