In the current Oracle Solaris Cluster release, the execution of a cluster resource is controlled by the setting of a global cluster property called resource_security, which is set to SECURE by default. This setting ensures that the execution of resource methods is secure.
Resource methods such as Start and Validate always run as root. If the method executable file is owned by a username other than root or allows write permission for the UNIX group or world, an insecurity exists. In this case, if the resource_security property is set to SECURE, execution of the resource method fails at run time and an error is returned. If resource_security has any other setting, the resource method is allowed to execute with a warning message. Permissible values of resource_security are SECURE, WARN, OVERRIDE, or COMPATIBILITY.
A cluster administrator can set the resource_security property for a cluster by using the cluster command, and for a zone cluster by using the clzonecluster command. The clsetup utility can also be used.
If a cluster is upgraded from an earlier release which does not include this property, the resource_security property is set to COMPATIBILITY to ensure that executables can run. However, the administrator should change the setting to SECURE.
For example, the following command sets the property to SECURE on a cluster:
# cluster set -p resource_security=SECURE
The resource_security setting also modifies the behavior of resource types that declare the application_user resource property, as described in the following section.