Go to main content

Developing System Services in Oracle® Solaris 11.4

Exit Print View

Updated: November 2020

Creating Service Instance Methods

A start method performs the work of the service instance. Other methods perform tasks necessary to disable or refresh a service instance, for example.

In a service manifest or profile, a method is defined in an exec_method element that includes name and exec attributes. Possible values for the name attribute are provided in the restarter man page. For example, the master restarter, /lib/svc/bin/svc.startd, supports start, stop, and refresh methods as described in the svc.startd(8) man page.

There is no restart method. The svcadm restart and svccfg restart commands run the stop method and then the start method.

The exec attribute defines what the method will execute. Possible values for the exec attribute include a custom method script, an existing executable, or a special token defined in SMF, as shown in the following examples:

exec='/lib/svc/method/tcsd.sh start'

By convention, a custom script as shown in this example takes an argument that specifies the value of the name attribute of the method. In this way, the same script can be used for all methods of that service instance.


This example specifies an existing executable.


The tokens :kill and :true are explained in the smf_method(7) man page. The :true token should be used for methods that are required by the restarter but that are not necessary for the particular service instance implementation.

The :kill token causes all processes in the primary service contract to be terminated and therefore is most appropriate for a stop method. In general, a refresh method should not be :kill unless the processes in the contract are programmed to handle those signals gracefully.

Service Method Scripts

A method that is a script can be a Bourne shell compatible script or a Python script, for example.

  • The file /lib/svc/share/smf_include.sh defines many helper functions for Bourne shell compatible method scripts.

  • The file /usr/lib/python-version/vendor-packages/smf_include.py defines many helper functions for Python method scripts, including the following functions that are unique for Python:

    • smf_subprocess() – Starts the specified executable in a subprocess. The process can return immediately, enabling the instance to act as a contract service.

    • smf_main() – Calls the appropriate function from the method script using frame inspection. See the comments in the /usr/lib/python-version/vendor-packages/smf_include.py file.

  • The file /lib/svc/share/smf_exit_codes.sh defines method exit codes.

Use the smf_method_exit() function to document the exit of a method script in the log file of the service instance. The smf_method_exit() function takes an exit code, a token that summarizes the exit reason, and a string that can describe the exit in greater detail. See the smf_method_exit(3SCF) man page for the syntax of the smf_method_exit() function. See /lib/svc/share/smf_exit_codes.sh for the list of exit codes.

Securing Service Tasks

Use any of the following options to restrict which users can run or manage a service or which privileges a user must have to run or manage a service:

  • Use *_authorization properties to specify authorizations that are required to read property values, modify service properties and property values, and perform actions on services. See the smf_security(7) man page for more information.

  • Use the method_credential element of the method_context property group to specify requirements as values of the following properties. All of these properties are optional, but at least one of these properties must be set if you specify a method_credential element:

    • user. The user ID in numeric or text form. If absent or :default, uid 0 and default home directory / are used.

    • group. The group ID in numeric or text form. If absent or :default, the group associated with the user in the passwd database is used.

    • supp_groups. Supplementary group IDs to be associated with the method, separated by commas or spaces. If absent or :default, initgroups(3C) is used.

    • privileges. A comma-separated list of privileges. See the privileges(7) man page.

    • limit_privileges. A comma-separated list of privileges. See the privileges(7) man page.

    • clearance. The process clearance. The value can be ADMIN_HIGH, ADMIN_LOW, or a hexadecimal label. The default value is ADMIN_LOW.

    • trusted_path. If the value is true, the process runs in the Trusted Path Domain (TPD). The default value is false. For more information and examples, see SMF Services in Immutable Zones in Creating and Using Oracle Solaris Zones.

    In Creating Services to Manage Oracle Database Instances, the instance control service and the listener service specify that the service must be run by user oracle in group oinstall.

    The network/ntp service shows a list of required authorizations as the value of the privileges property.

    The network/physical service shows the use of the supp_groups and trusted_path properties.

    The system/console-login service shows the use of the clearance property to require ADMIN_HIGH privilege both to start and stop the service.

  • Specify a rights profile for the method to use. See the MySQL and Apache examples in Locking Down Resources by Using Extended Privileges in Securing Users and Processes in Oracle Solaris 11.4.