Working With Oracle® Solaris 11.3 Directory and Naming Services: DNS and NIS

Updated: October 2017
 
 

How to Run the DNS Service as an Alternative User

This procedure describes how to assign the relevant authorizations to a user to manage the named daemon.

  1. Become an administrator.

    For more information about obtaining the appropriate rights to perform specific tasks, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  2. Provide the alternative user with the appropriate authorization.
    # useradd -c "Trusted DNS administrator user" -s /usr/bin/pfbash \
     -A solaris.smf.manage.bind user
  3. Set service properties for the user.
    # svccfg -s dns/server:default
    svc:/network/dns/server:default> setprop start/user = user
    svc:/network/dns/server:default> setprop start/group = user
    svc:/network/dns/server:default> exit
  4. Create a directory for a new process ID file.

    Because only root has write access to create the default process ID file, /var/run/named/named.pid, you must configure the named daemon to use an alternative file.

    # mkdir /var/named/tmp
    # chown user /var/named/tmp
  5. Change the configuration to use the new directory by adding the following lines to the named.conf file:
    # head /etc/named.conf
    options {
        directory "/var/named";
        pid-file "/var/named/tmp/named.pid";
    };
  6. Update the SMF repository and restart the DNS service.
    # svcadm refresh svc:/network/dns/server:default
    # svcadm restart svc:/network/dns/server:default
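
The following script is an added example, not part of the Oracle documentation. It checks the result of steps 4 and 5: that named.conf sets a pid-file, and that the directory holding it is owned by the alternative user and is not writable by group or other. The function names pidfile_from_conf and check_pid_dir are hypothetical.

```shell
#!/bin/sh
# Added example: verifies steps 4-5 of the procedure above.
# pidfile_from_conf and check_pid_dir are hypothetical helper names.
# Usage: sh check_pid_dir.sh /etc/named.conf user

# Print the first pid-file path set in a named.conf-style file.
pidfile_from_conf() {
    sed -n 's/^[[:space:]]*pid-file[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -1
}

# check_pid_dir CONF USER
# Succeeds only if the pid-file directory named in CONF exists, is owned by
# USER (login name or numeric UID), and is not group- or world-writable.
check_pid_dir() {
    conf=$1 user=$2
    pidfile=$(pidfile_from_conf "$conf")
    if [ -z "$pidfile" ]; then
        # Without the option, named uses the default file that only root can create.
        echo "FAIL: no pid-file option in $conf" >&2
        return 1
    fi
    dir=$(dirname "$pidfile")
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist" >&2
        return 1
    fi
    # Resolve a login name to its UID; keep the argument if it does not resolve.
    want=$(id -u "$user" 2>/dev/null || echo "$user")
    set -- $(ls -ldn "$dir")        # $1 = mode string, $3 = numeric owner
    mode=$1 owner=$3
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $dir is owned by UID $owner, expected $want" >&2
        return 1
    fi
    case $mode in
        ?????w*|????????w*)         # group-write or other-write bit set
            echo "FAIL: $dir is group- or world-writable ($mode)" >&2
            return 1 ;;
    esac
    echo "OK: $pidfile (directory owner UID $owner, mode $mode)"
}

# Run the check only when a configuration file and a user are supplied.
if [ $# -eq 2 ]; then
    check_pid_dir "$1" "$2"
fi
```

To confirm step 3 on the live system, `svcprop -p start/user svc:/network/dns/server:default` prints the user the service is configured to start as.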