Go to main content

Developing System Services in Oracle® Solaris 11.4

Exit Print View

Updated: November 2020

Service Management Privileges

Exporting and developing service manifests and profiles does not require special privilege. Using the svccfg and svcadm commands to modify service state and configuration requires increased privilege. Use one of the following methods to gain the privilege you need. See Securing Users and Processes in Oracle Solaris 11.4 for more information about roles and profiles, including how to determine which role or profile you need and how to assign privileges.


Use the roles command to list the roles that are assigned to you. Use the su command with the name of the role to assume that role. As this role, you can execute any commands that are permitted by the rights profiles that are assigned to that role. For example, if the role is assigned the Service Configuration rights profile, you can execute the svccfg and svcadm commands modify service properties and change service state.

Rights profiles

Use the profiles command to list the rights profiles that are assigned to you. Use one of the following methods to execute commands that your rights profiles permit you to execute:

  • Use a profile shell such as pfbash or pfksh.

  • Use the pfexec command in front of the command that you want to execute. In general, you must specify the pfexec command with each privileged command that you execute.


See the smf_security(7) man page for detailed information about authorizations required for SMF operations. If the Service Configuration rights profile is not sufficient to manage a particular service, inspect the service for the following properties:

  • The action_authorization, modify_authorization, read_authorization, and value_authorization properties specify required authorizations. Individual services can require their own particular authorizations.

  • Properties of the method property group can specify requirements to run the method such as the user and privilege set.

sudo command

Depending on the security policy at your site, you might be able to use the sudo command with your user password to execute a privileged command.

If you need to require specific privileges of administrators who want to use the service you develop, see Securing Service Tasks.