1. Creating and Using Oracle Solaris Zones
  2. Migrating an Oracle Solaris Zone
  3. Authorizing Non-Root Users to Perform Non-Global Zone Migrations
  4. How to Authorize a User to Perform Cold Migration of an Individual Zone

How to Authorize a User to Perform Cold Migration of an Individual Zone

This procedure assumes the user is already assigned rights and authorizations to create, modify, and delete zone configurations. See Example 8-2.

Perform this procedure to delegate a Zone Migration administrator to cold migrate a specific zone.

  1. Assume the root role.
  2. Set the auths and user properties of the admin resource.
    global$ zonecfg -z zonename
zonecfg:zonename> add admin
zonecfg:zonename:admin> set user=username
zonecfg:zonename:admin> set auths=migrate.cold
zonecfg:zonename:admin> end
zonecfg:zonename> commit

    username is authorized for this zone only.

  3. Verify the zone administrator's rights in the non-global zone and the global zone.

    In this example, jdoe is the user and the zone name is zone1. 

    global$ zonecfg -z zone1 info admin
admin:
         user: jdoe
         auths: migrate.cold

global$ auths jdoe
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read,solaris.zone.migrate.cold/zonename

global$ profiles jdoe
jdoe:
Zone Cold Migration
Basic Solaris User
All

Example 8-1 Authorizing a User to Migrate All Zones on a System

This example sets authorization for user jdoe to perform cold migration of any zone on the source system. 

global$ usermod -P +"Zone Migration" -A +solaris.zone.migrate jdoe
                        Verify the auths and profiles:
global$ auths jdoe
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read,solaris.zone.migrate
global$ profiles jdoe
jdoe:
Zone Migration
Basic Solaris User
All

Example 8-2 Authorizing a User to Configure Zones on a System

This example assigns the user jdoe the required profiles and authorizations needed to create, modify, and delete any zone configuration, then verifies the assignments. This assignment is necessary for the user to perform a cold migration. 

global$ usermod -P +"Zone Configuration" -A +solaris.zone.config jdoe

global$ auths jdoe
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read,solaris.zone.config

global$ profiles jdoe
jdoe:
Zone Configuration
Basic Solaris User
All