So you want to shutdown? How to add the shutdown option to JDS on opensolaris.

Newcomers to opensolaris might be surprised that the option to shutdown the machine isn't available to a desktop user by default. This makes perfect sense on a server which may run for months without requiring a reboot. It also makes sense in a Sun Ray environment where you don't want to allow an individual user to shutdown a system which may be shared with many others. But if you've installed opensolaris on an ordinary single user desktop P.C. or one of these nifty X86/X64 based Sun workstations, chances are you're going to want to shut it down eventually.

The simplest way of accomplishing this is to use an option in the GNOME Display Manager (GDM). But by default, Solaris uses dtlogin for its display manager. So the first step is to disable dtlogin and enable gdm.

Disable dtlogin:

Login via a remote shell or a console terminal session.
/usr/dt/bin/dtconfig -d
svcadm enable -s gdm 
pkill dtlogin
gdm-restart 

GDM should appear as your display manager.

Now enable GDM's shutdown menu:

Edit /etc/X11/gdm/gdm.conf and change the following line:
#SystemMenu=true
to this:
SystemMenu=true

Another method would be to use Role Based Access Control (RBAC) to enable shutdown only for specific users and create pfexec launchers for these users. Ben Rockwood's blog has a good introduction to RBAC. To allow a user to run the shutdown command, you would do something like this:

Edit /etc/security/exec_attr and add the following profile:
exec_attr:Shutdown:suser:cmd:::/usr/sbin/shutdown:uid=0;gid=1

Add this profile to /etc/user_attr
yourusername :::: profiles=Shutdown

Then your user can shutdown with /usr/bin/pfexec /usr/sbin/shutdown

Update:User reboot of Solaris Containers (a.k.a. zones)! I almost forgot, Ghee suggested that it would be safer to only allow users to reboot their zone. This method has some interesting possibilities, especially in university or development environments. Follow Gleb's excellent example to create a zone, give it an ip adress and hostname. Change the RBAC steps above to allow your user access to /usr/sbin/reboot and create a pfexec reboot launcher. Now use your global zone's dtlogin chooser to xdmcp login to the zone. (Note: if you've configured gdm in your global zone, you'll have to enable its xdmcp chooser by editing /etc/X11/gdm.conf and uncommenting the "chooser=true" line.) The cool thing about this is that when you reboot the zone, it drops you immediately to the global zone's login. Your zone will reboot in just a few seconds and you can use the global zone's chooser to login again!

Correction:If you are using Solaris 10, the gdm service name is gdm2-login:

$ svcs -a | grep -i gdm
disabled       Aug_29   svc:/application/gdm2-login:default

Comments:

Brian, Thanks for this information! (Hint: 'System resource' use within GNOME has proven timely.)

Posted by William R. Walling on October 19, 2005 at 04:43 PM GMT+00:00 #

Post a Comment:
  • HTML Syntax: NOT allowed
About

bnitz

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today