Damien Cooke
2006-May-16 07:59 UTC
[dtrace-discuss] Configure normal user access to dtrace?
Can someone send me the steps for configuring a normal user so they can access dtrace I can see they need the privs dtrace_kernel,dtrace_proc,dtrace_user But I am unable to make this work. Regards Damien -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/dtrace-discuss/attachments/20060516/6492bea6/attachment.html>
Brendan Gregg
2006-May-16 08:11 UTC
[dtrace-discuss] Configure normal user access to dtrace?
G''Day Damien, On Tue, 16 May 2006, Damien Cooke wrote:> Can someone send me the steps for configuring a normal user so they > can access dtrace > > I can see they need the privs dtrace_kernel,dtrace_proc,dtrace_user > But I am unable to make this work.# usermod -K defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user username And to user should see, $ ppriv $$ 7698: -sh flags = <none> E: basic,dtrace_kernel,dtrace_proc,dtrace_user I: basic,dtrace_kernel,dtrace_proc,dtrace_user P: basic,dtrace_kernel,dtrace_proc,dtrace_user L: all try not to give them dtrace_kernel if they don''t need it. ... yeah, it''s tempting to vi /etc/user_attr, but that would be naughty. ;) Brendan [Sydney, Australia]
Alessio Cervellin
2006-May-16 08:11 UTC
[dtrace-discuss] Configure normal user access to dtrace?
> Can someone send me the steps for configuring a normal user so > they > can access dtrace > > I can see they need the privs dtrace_kernel,dtrace_proc,dtrace_user > But I am unable to make this work.you should just modify /etc/user_attr by adding the following line: username::::defaultpriv=basic,dtrace_kernel,dtrace_proc
Michael Schuster
2006-May-16 08:11 UTC
[dtrace-discuss] Configure normal user access to dtrace?
Damien Cooke wrote:> Can someone send me the steps for configuring a normal user so they can > access dtrace > > I can see they need the privs dtrace_kernel,dtrace_proc,dtrace_user > But I am unable to make this work.IME, there''s two steps involved: 1) add the privs to /etc/user_attr 2) user needs to log in (sessions from before the change to /etc/user_attr are NOT affected!). HTH Michael -- Michael Schuster (+49 89) 46008-2974 / x62974 visit the online support center: http://www.sun.com/osc/ Recursion, n.: see ''Recursion''
Stefan Parvu
2006-May-16 08:18 UTC
[dtrace-discuss] Re: Configure normal user access to dtrace?
Hi, Only root is allowed to run DTrace by default. To run DTrace you must have certain privileges: $ ppriv -l | grep dtrace dtrace_kernel dtrace_proc dtrace_user Enable using /etc/user_attr example: username::::defaultpriv=dtrace_kernel,basic,proc_owner,dtrace_proc Hope it helps, Stefan This message posted from opensolaris.org
Stefan Parvu
2006-May-16 08:30 UTC
[dtrace-discuss] Re: Configure normal user access to dtrace?
Brendan is right: # usermod -K defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user username that is the most polite way :) This message posted from opensolaris.org
Stefan Parvu
2006-May-16 08:35 UTC
[dtrace-discuss] Re: Configure normal user access to dtrace? - APOLOGIES MANY POSTINGS -
something went bad with my posting got lots of java exceptions when posting... then the post went many times :( stefan This message posted from opensolaris.org
Pat Pinchera
2006-May-22 14:25 UTC
[dtrace-discuss] Configure normal user access to dtrace?
How does an "Enterprise" implement this when they have lots of workstations and lots of users, and they are currently using NIS or NIS+? Most organizations are moving to LDAP, so if there''s a way to provide this privilege to users via LDAP on Solaris 10 workstations, I''d like to know that too. Otherwise, we are burdening our sys-admins with editing /etc/user_attr (or using usermod) on every workstation, for every DTrace eligible user. I''m hoping there''s a better way for LDAP or NIS users. Thanks! Pat Michael Schuster wrote:> Damien Cooke wrote: > >> Can someone send me the steps for configuring a normal user so they >> can access dtrace >> >> I can see they need the privs dtrace_kernel,dtrace_proc,dtrace_user >> But I am unable to make this work. > > > IME, there''s two steps involved: > 1) add the privs to /etc/user_attr > 2) user needs to log in (sessions from before the change to > /etc/user_attr are NOT affected!). > > HTH > Michael
Casper.Dik at Sun.COM
2006-May-22 14:33 UTC
[dtrace-discuss] Configure normal user access to dtrace?
>How does an "Enterprise" implement this when they have lots of >workstations and lots of users, and they are currently using NIS or >NIS+? Most organizations are moving to LDAP, so if there''s a way to >provide this privilege to users via LDAP on Solaris 10 workstations, I''d >like to know that too. > >Otherwise, we are burdening our sys-admins with editing /etc/user_attr >(or using usermod) on every workstation, for every DTrace eligible user. >I''m hoping there''s a better way for LDAP or NIS users. >Clearly, you''d use the user_attr in LDAP/NIS/NIS+. Casper