I have a role.
lets call it "Oracle Backup"
that role has the following profiles:
oraback@devl0:~$ profiles
formaters
zoneadm
Oracle Backup
ZFS File System Management
ZFS Storage Management
Basic Solaris User
All
but when I try to export a zpool:
oraback@devl0:~$ zpool export db_tmp
cannot export 'db_tmp': permission denied
what gives?
To find out which privileges are required for a program on Solaris OS the command is
ppriv -eD zpool export db_tmp
Also truss can be handy.
Using Privileges (Tasks) - Oracle Solaris Administration: Security Services
Regards
Peasant.
yup did that.... only response was ioctl.
As root:
zfs allow user mount db_tmp
usermod -K defaultpriv=basic,sys_config user
zpool export command should now work for db_tmp.
Please note a sys_config privilege, it is a monster, you might want to be careful in giving that.
Why give users ability to export zpools ?
Rather delegate ZFS filesystems permissions, without modifying users privileges...