$ svcadm disable -s manray-persist
$ passwd
New password: vagrant
Re-enter new password: vagrant
$ svcadm enable -s manray-persist
manray enables modifiable, persistent UNIX user accounts and RBAC configuration for SmartOS global zones, by providing a pair of boot time services: manray-load
and manray-persist
, that assist administrators in loading and persisting custom account information.
At boot, manray-load
copies select configuration files from a /usbkey
wallet to /etc
, so that a user patrick
may login, invoke RBAC privileges with pfexec
, and so on. Once the manray-load
service launches, manray-persist
becomes enabled.
While manray-persist
is enabled, Patrick sees a read-only edition of /etc
files. Administrators can disable manray-persist
, which triggers writeable copies to be injected onto the system. Then, administrators can execute passwd
, usermod
, groupadd
, and so on to modify UNIX user account and RBAC configuration. Finally, the administrator re-renables manray-persist
, which backs up the configuration to /usbkey
.
Warning: Changes to UNIX accounts and RBAC configuration will be lost at next boot unless manray-persist
is re-enabled beforehand.
$ curl -kLO https://github.com/mcandre/manray/releases/download/v0.0.2/manray-0.0.2.tgz
$ tar xzvf manray-0.0.2.tgz -C /
$ svccfg import /opt/custom/smf/manray-load.xml
$ svccfg import /opt/custom/smf/manray-persist.xml
Warning: As SSL certificates are disregarded, the tarball should be verified against official release checksums with the digest
utility.
- SmartOS global zone
- make, e.g. GNU make
- tar, md5sum from coreutils, e.g., GNU coreutils
- a build environment that preserves UNIX file permissions
- shfmt (e.g.
go get mvdan.cc/sh/cmd/shfmt
) - bashate
- checkbashisms
- ShellCheck
- stank (e.g.
go get github.com/mcandre/stank/...
)
- vagrant-smartos-packager - provides a working example of how to setup a virtual machine for SmartOS global zones with persistent, modifiable UNIX accounts