Configuring SMF Services
How to Modify a Service
The following procedure shows how to change the configuration of a service that
is not managed by the inetd service.
- Become superuser or assume a role that includes the Service Management rights profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services.
- Make changes to the configuration files, as needed.
Many of the services have one or more configuration files that are used
to define the startup or other configuration information. These files can be changed while
the service is running. The contents of the files is only checked
when the service is started.
- Restart the service.
# svcadm restart FMRI
Example 17-11 Sharing an NFS File System
To share a file system using the NFS service, you must define
the file system in the /etc/dfs/dfstab file and then restart the NFS service. This
example shows you what the dfstab file could look like, as well as
how to restart the service.
# cat /etc/dfs/dfstab
.
.
share -F nfs -o rw /export/home
# svcadm restart svc:/network/nfs/server
How to Change an Environment Variable for a Service
This procedure shows how to modify cron environment variables to help with debugging.
- Become superuser or assume a role that includes the Service Management rights profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services.
- Verify that the service is running.
# svcs system/cron
STATE STIME FMRI
online Dec_04 svc:/system/cron:default
- Set environment variables.
In this example the UMEM_DEBUG and LD_PRELOAD environment variables are set. For information
about the setenv subcommand refer to the svccfg(1M) man page.
# svccfg -s system/cron:default setenv UMEM_DEBUG default
# svccfg -s system/cron:default setenv LD_PRELOAD libumem.so
- Refresh and restart the service.
# svcadm refresh system/cron
# svcadm restart system/cron
- Verify that the change has been made.
# pargs -e `pgrep -f /usr/sbin/cron`
100657: /usr/sbin/cron
envp[0]: LOGNAME=root
envp[1]: LD_PRELOAD=libumem.so
envp[2]: PATH=/usr/sbin:/usr/bin
envp[3]: SMF_FMRI=svc:/system/cron:default
envp[4]: SMF_METHOD=/lib/svc/method/svc-cron
envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default
envp[6]: TZ=GB
envp[7]: UMEM_DEBUG=default
#
How to Change a Property for an inetd Controlled Service
- Become superuser or assume a role that includes the Service Management rights profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services.
- List the properties for the specific service.
This command displays all of the properties for the service identified by the
FMRI.
# inetadm -l FMRI
- Change the property for the service.
Each property for an inetd controlled service is defined by a property name and
an assigned value. Supplying the property name without a specified value resets the
property to the default value. Specific information about the properties for a service
should be covered in the man page associated with the service.
# inetadm -m FMRI property-name=value
- Verify that the property has changed.
List the properties again to make sure that the appropriate change has occurred.
# inetadm -l FMRI
- Confirm that the change has taken effect.
Confirm the property change that the change has the desired effect.
Example 17-12 Changing the tcp_trace Property for telnet
The following example shows how to set the tcp_trace property for telnet to
true. Checking the syslog output after running a telnet command shows that the
change has taken effect.
# inetadm -l svc:/network/telnet:default
SCOPE NAME=VALUE
name="telnet"
.
.
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
# inetadm -m svc:/network/telnet:default tcp_trace=TRUE
# inetadm -l svc:/network/telnet:default
SCOPE NAME=VALUE
name="telnet"
.
.
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
login: root
Password:
Last login: Mon Jun 21 05:55:45 on console
Sun Microsystems Inc. SunOS 5.10 s10_57 May 2004
# ^D
Connection to localhost closed by foreign host.
# tail -1 /var/adm/messages
Jun 21 06:04:57 yellow-19 inetd[100308]: [ID 317013 daemon.notice] telnet[100625]
from 127.0.0.1 32802
How to Modify a Command-Line Argument for an inetd Controlled Service
- Become superuser or assume a role that includes the Service Management rights profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services.
- List the exec property for the specific service.
This command displays all the properties for the service identified by the FMRI.
Adding the grep command restricts the output to the exec property for the
service.
# inetadm -l FMRI|grep exec
- Change the exec property for the service.
The command-syntax set with the exec property defines the command string that is
run when the service is started.
# inetadm -m FMRI exec="command-syntax"
- Verify that the property has changed.
List the properties again to make sure that the appropriate change has occurred.
# inetadm -l FMRI
Example 17-13 Adding the Connection Logging (-l) Option to the ftp Command
In this example, the -l option is added to the ftp daemon
when it is started. The effect of this change can be seen by
reviewing the syslog output after a ftp login session has been completed.
# inetadm -l svc:/network/ftp:default | grep exec
exec="/usr/sbin/in.ftpd -a"
# inetadm -m svc:/network/ftp:default exec="/usr/sbin/in.ftpd -a -l"
# inetadm -l svc:/network/ftp:default
SCOPE NAME=VALUE
name="ftp"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.ftpd -a -l"
.
.
# ftp localhost
Connected to localhost.
220 yellow-19 FTP server ready.
Name (localhost:root): mylogin
331 Password required for mylogin.
Password:
230 User mylogin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 236 bytes in 0 transfers.
221-Thank you for using the FTP service on yellow-19.
221 Goodbye.
# tail -2 /var/adm/messages
Jun 21 06:54:33 yellow-19 ftpd[100773]: [ID 124999 daemon.info] FTP LOGIN FROM localhost
[127.0.0.1], mylogin
Jun 21 06:54:38 yellow-19 ftpd[100773]: [ID 528697 daemon.info] FTP session closed
How to Convert inetd.conf Entries
The following procedure converts inetd.conf entries into SMF service manifests. This procedure needs
to be run anytime a third-party application that depends on inetd is added
to a system. Also run this procedure, if you need to make configuration
changes to the entry in /etc/inetd.conf.
- Become superuser or assume a role that includes the Service Management rights profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services.
- Convert the inetd.conf entries.
The inetconv command converts each entry in the selected file into service manifests.
# inetconv -i filename
Example 17-14 Converting /etc/inet/inetd.conf Entries into SMF Service Manifests
# inetconv -i /etc/inet/inetd.conf