wtorek, 15 czerwca 2010

Zones delegated administration

To counter my previous entry, this is something that touches Zones also, but is pretty nice feature:
http://static.opensolaris.org/on/flagdays/pages/20100607142839.html - delegated zones administration.
Basically a user or role in global zone can be designated in a zone configuration as a admin resource, thus giving the user/role additional abilities to control zones.
A good example taken from the link above:

           example# zonecfg -z myzone
zonecfg:myzone> add admin
zonecfg:myzone:admin> set user=zadmin
zonecfg:myzone:admin> set auths=login,manage,clonefrom
zonecfg:myzone:admin> end
zonecfg:myzone> commit

No, user zadmin can use profiled shell to administer zones.