Working With Oracle® Solaris 11.2 Directory and Naming Services: DNS and NIS

Updated: July 2014

How to Run the DNS Service as an Alternative User

This procedure explains how to assign a user the relevant authorizations to manage the named daemon.

  1. Become an administrator.

    For more information about obtaining the appropriate rights to perform specific tasks, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.

  2. Provide the alternative user with the appropriate authorization.
    # useradd -c "Trusted DNS administrator user" -s /usr/bin/pfbash \
     -A solaris.smf.manage.bind user
  3. Set service properties for the user.
    # svccfg -s dns/server:default
    svc:/network/dns/server:default> setprop start/user = user
    svc:/network/dns/server:default> setprop start/group = user
    svc:/network/dns/server:default> exit
  4. Create a directory for a new process ID file.

    Because only root has write access to create the default process ID file, /var/run/named/named.pid, the named daemon must be configured to use an alternative file.

    # mkdir /var/named/tmp
    # chown dnsadmin /var/named/tmp
  5. Change the configuration to use the new directory.

    Add the following lines to the named.conf file:

    # head /etc/named.conf
    options {
        directory "/var/named";
        pid-file "/var/named/tmp/named.pid";
    };
  6. Update the SMF repository and restart the DNS service.
    # svcadm refresh svc:/network/dns/server:default
    # svcadm restart svc:/network/dns/server:default
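
A check to run after step 6, added here as an example and not part of the Oracle procedure: it reads the pid-file path from named.conf and confirms that its directory exists and is owned by the account named in start/user, then compares that account with the SMF property. The function names are made up for this example, the account name is whatever was set in step 3, and the svcprop comparison only works on the Solaris host.

```shell
#!/bin/sh
# Added example: post-change checks for running named as a non-root user.
# Function names are hypothetical; pass the account that was set in start/user.

# Print the pid-file path set in a named.conf (empty output if none is set).
named_pid_file() {
    sed -n 's/^[[:space:]]*pid-file[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" | head -1
}

# Print the owning user of a directory, taken from the third field of ls -ld.
dir_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# Return 0 only if the pid-file named in conf $1 sits in an existing
# directory owned by user $2. A missing pid-file line means named still uses
# the root-only default location, so that case is reported as a failure.
check_pid_dir() {
    conf=$1
    user=$2
    pid=$(named_pid_file "$conf")
    [ -n "$pid" ] || { echo "FAIL: no pid-file option in $conf"; return 1; }
    dir=$(dirname "$pid")
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }
    owner=$(dir_owner "$dir")
    [ "$owner" = "$user" ] || { echo "FAIL: $dir is owned by $owner, not $user"; return 1; }
    echo "OK: $dir is owned by $user"
}

# Solaris host only: return 0 if the SMF start method runs as user $1.
check_smf_user() {
    smf_user=$(svcprop -p start/user svc:/network/dns/server:default) || return 1
    [ "$smf_user" = "$1" ] || { echo "FAIL: start/user is $smf_user, not $1"; return 1; }
    echo "OK: start/user is $1"
}

# Usage on the DNS server, with the account from step 3 in place of ACCOUNT:
#   check_pid_dir /etc/named.conf ACCOUNT && check_smf_user ACCOUNT
```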