Oracle® Solaris Cluster Data Services Developer's Guide


Updated: July 2014, E39646-01

Invoking Application Programs with Least Privilege

A data service can invoke an application according to the principle of least privilege to reduce the possibility and impact of a security breach. With this approach, the application is executed with only the minimal privileges required to perform its tasks.

See the manual Developer’s Guide to Oracle Solaris 11 Security in the Oracle Solaris 11 documentation library for more information about developing privileged applications in Oracle Solaris 11.

As a good security practice, application programs should not be run as root. Executables generally should be owned by root and run as a non-root user. If an executable binary or script owned by a non-root user can be executed as root, that non-root user could insert malicious operations into the executable, and those operations would then run with full privileges.

Cluster agent methods should run all external programs using a wrapper to ensure that the external program is executed with the correct username and privilege.

Oracle Solaris Cluster provides the application_user and resource_security properties and the scha_check_app_user command to enable data services to ensure that the application is executed securely. The scha_check_app_user command can be called in scripts to verify the username against the configured application_user and resource_security settings.
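The following wrapper is an added example, not code from the Oracle Solaris Cluster guide or its agents. It applies the two rules above: it refuses a program that is not root-owned or that group or others can write, asks scha_check_app_user whether the requested user is allowed for the resource, and only then drops privilege with su. It assumes scha_check_app_user accepts `-R resource -U username` and exits 0 when the user is permitted; the SCHA_CHECK_APP_USER variable exists only so the check command can be substituted in a test.

```sh
#!/bin/sh
# Added example (not from the Oracle Solaris Cluster guide): a wrapper an agent
# method could use to start an external program under the configured
# application user instead of as root.
# Assumptions: scha_check_app_user takes "-R resource -U username" and exits 0
# when the user is permitted; SCHA_CHECK_APP_USER lets a test substitute it.

# verify_executable PATH OWNER
# Refuse programs that are not owned by OWNER or that can be written by group
# or others, since a writable program run with privilege can be replaced.
verify_executable() {
  prog=$1; want_owner=$2
  [ -f "$prog" ] || { echo "verify_executable: $prog: not a regular file" >&2; return 1; }
  set -- $(ls -ld "$prog")          # $1 = mode string, $3 = owner
  [ "$3" = "$want_owner" ] || {
    echo "verify_executable: $prog is owned by $3, expected $want_owner" >&2; return 1; }
  case "$1" in
    ?????w*|????????w*)              # group-writable or world-writable
      echo "verify_executable: $prog is writable by group or others" >&2; return 1 ;;
  esac
  return 0
}

# run_as_app_user RESOURCE USER PROGRAM [ARGS...]
# Check the program, confirm USER against the resource's application_user and
# resource_security settings, then drop privilege with su before executing.
run_as_app_user() {
  resource=$1; user=$2; prog=$3; shift 3
  verify_executable "$prog" root || return 1
  ${SCHA_CHECK_APP_USER:-scha_check_app_user} -R "$resource" -U "$user" || {
    echo "run_as_app_user: $user is not an allowed application user for $resource" >&2
    return 1
  }
  su - "$user" -c "$prog $*"
}
```

A method script would call `run_as_app_user "$RESOURCE_NAME" "$APP_USER" /opt/app/bin/start` and propagate the nonzero exit status so a refused start is reported rather than silently run as root.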

See the following sections for information about using resource properties and commands to set up a data service to run with the least privileges required.