Authorizing Non-Root Users to Perform Non-Global Zone Migrations
The global zone administrator can assign non-root users the rights to perform migrations. For the names and details of the rights profiles, see Using Rights Profiles to Install and Manage Zones.
You can restrict the profiles and their associated authorizations to individual zones by setting the auths
property on the admin
resource in the zone configuration. Set the admin
resource's auths
property to auths=migrate
to enable the user to perform all types of migrations for the zone, or auths=migrate.cold
to enable only cold migration and warm migration. See admin Resource Type in Oracle Solaris Zones Configuration Resources for more information.
Note:
Setting theauths
property in the zone configuration automatically enables the appropriate profiles for the user.