Configuring SMF Services

How to Modify a Service

The following procedure shows how to change the configuration of a service that is not managed by the inetd service.

  1. Become superuser or assume a role that includes the Service Management rights profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services .

  2. Make changes to the configuration files, as needed.

    Many of the services have one or more configuration files that are used to define the startup or other configuration information. These files can be changed while the service is running. The contents of the files is only checked when the service is started.

  3. Restart the service.

    # svcadm restart FMRI
    

Example 15.11. Sharing an NFS File System

To share a file system using the NFS service, you must define the file system in the /etc/dfs/dfstab file and then restart the NFS service. This example shows you what the dfstab file could look like, as well as how to restart the service.

# cat /etc/dfs/dfstab
 .
 .
share -F nfs -o rw /export/home
# svcadm restart svc:/network/nfs/server

How to Change an Environment Variable for a Service

This procedure shows how to modify cron environment variables to help with debugging.

  1. Become superuser or assume a role that includes the Service Management rights profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services .

  2. Verify that the service is running.

    # svcs system/cron
    STATE          STIME    FMRI
    online         Dec_04   svc:/system/cron:default
  3. Set environment variables.

    In this example the UMEM_DEBUG and LD_PRELOAD environment variables are set. For information about the setenv subcommand refer to the svccfg ( 1M ) man page.

    # svccfg -s system/cron:default setenv UMEM_DEBUG default
    # svccfg -s system/cron:default setenv LD_PRELOAD libumem.so
    
  4. Refresh and restart the service.

    # svcadm refresh system/cron
    # svcadm restart system/cron
    
  5. Verify that the change has been made.

    # pargs -e `pgrep -f /usr/sbin/cron`
    100657: /usr/sbin/cron
    envp[0]: LOGNAME=root
    envp[1]: LD_PRELOAD=libumem.so
    envp[2]: PATH=/usr/sbin:/usr/bin
    envp[3]: SMF_FMRI=svc:/system/cron:default
    envp[4]: SMF_METHOD=/lib/svc/method/svc-cron
    envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default
    envp[6]: TZ=GB
    envp[7]: UMEM_DEBUG=default
    #

How to Change a Property for an inetd Controlled Service

  1. Become superuser or assume a role that includes the Service Management rights profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services .

  2. List the properties for the specific service.

    This command displays all of the properties for the service identified by the FMRI.

    # inetadm -l FMRI
    
  3. Change the property for the service.

    Each property for an inetd controlled service is defined by a property name and an assigned value. Supplying the property name without a specified value resets the property to the default value. Specific information about the properties for a service should be covered in the man page associated with the service.

    # inetadm -m FMRI property-name=value
    
  4. Verify that the property has changed.

    List the properties again to make sure that the appropriate change has occurred.

    # inetadm -l FMRI
    
  5. Confirm that the change has taken effect.

    Confirm the property change that the change has the desired effect.

Example 15.12. Changing the tcp_trace Property for telnet

The following example shows how to set the tcp_trace property for telnet to true. Checking the syslog output after running a telnet command shows that the change has taken effect.

# inetadm -l svc:/network/telnet:default
SCOPE    NAME=VALUE
         name="telnet"
 .
 .
default  inherit_env=TRUE
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE
# inetadm -m svc:/network/telnet:default tcp_trace=TRUE
# inetadm -l svc:/network/telnet:default
SCOPE    NAME=VALUE
         name="telnet"
 .
 .
default  inherit_env=TRUE
         tcp_trace=TRUE
default  tcp_wrappers=FALSE
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
login: root
Password: 
Last login: Mon Jun 21 05:55:45 on console
Sun Microsystems Inc.   SunOS 5.10      s10_57  May 2004
# ^D
Connection to localhost closed by foreign host.
# tail -1 /var/adm/messages
Jun 21 06:04:57 yellow-19 inetd[100308]: [ID 317013 daemon.notice] telnet[100625]
    from 127.0.0.1 32802

How to Modify a Command-Line Argument for an inetd Controlled Service

  1. Become superuser or assume a role that includes the Service Management rights profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services .

  2. List the exec property for the specific service.

    This command displays all the properties for the service identified by the FMRI. Adding the grep command restricts the output to the exec property for the service.

    # inetadm -l FMRI|grep exec
  3. Change the exec property for the service.

    The command-syntax set with the exec property defines the command string that is run when the service is started.

    # inetadm -m FMRI exec="command-syntax"
  4. Verify that the property has changed.

    List the properties again to make sure that the appropriate change has occurred.

    # inetadm -l FMRI
    

Example 15.13. Adding the Connection Logging ( l) Option to the ftp Command

In this example, the l option is added to the ftp daemon when it is started. The effect of this change can be seen by reviewing the syslog output after a ftp login session has been completed.

# inetadm -l svc:/network/ftp:default | grep exec
        exec="/usr/sbin/in.ftpd -a"
# inetadm -m svc:/network/ftp:default exec="/usr/sbin/in.ftpd -a -l"
# inetadm -l svc:/network/ftp:default
SCOPE    NAME=VALUE
         name="ftp"
         endpoint_type="stream"
         proto="tcp6"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.ftpd -a -l"
 .
 .
# ftp localhost
Connected to localhost.
220 yellow-19 FTP server ready.
Name (localhost:root): mylogin
331 Password required for mylogin.
Password:
230 User mylogin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 236 bytes in 0 transfers.
221-Thank you for using the FTP service on yellow-19.
221 Goodbye.
# tail -2 /var/adm/messages
Jun 21 06:54:33 yellow-19 ftpd[100773]: [ID 124999 daemon.info] FTP LOGIN FROM localhost 
     [127.0.0.1], mylogin
Jun 21 06:54:38 yellow-19 ftpd[100773]: [ID 528697 daemon.info] FTP session closed

How to Convert inetd.conf Entries

The following procedure converts inetd.conf entries into SMF service manifests. This procedure needs to be run anytime a third-party application that depends on inetd is added to a system. Also run this procedure, if you need to make configuration changes to the entry in /etc/inetd.conf.

  1. Become superuser or assume a role that includes the Service Management rights profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC in System Administration Guide: Security Services .

  2. Convert the inetd.conf entries.

    The inetconv command converts each entry in the selected file into service manifests.

    # inetconv -i filename
    

Example 15.14. Converting /etc/inet/inetd.conf Entries into SMF Service Manifests

# inetconv -i /etc/inet/inetd.conf