I feel obliged to point out that this blog post is roughly 5 years old. People change, opinions evolve. In just a few years, vast technological landscapes can shift. And don't get me started on config files. Please consider this text in the context of its time.
As i wrote yesterday, there is an alternate way to configure zone console access. Let’s assume we want to give the user junior the authorization to access the zone console of playground. Yesterday we removed the configuration at the end allowing junior to do so.
root@solaris:~# su - junior
junior@solaris:~$ auths
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read
junior@solaris:~$ profiles
Basic Solaris User
All
You can use the zonecfg to give the nescessary authorizations as well.
root@solaris:~# zonecfg -z playground
zonecfg:playground> add admin
zonecfg:playground:admin> set user=junior
zonecfg:playground:admin> set auths=console
zonecfg:playground:admin> end
zonecfg:playground> commit
zonecfg:playground> exit
Let’s try to open a zone console:
junior@solaris:~$ pfexec zlogin -C playground
[Connected to zone 'playground' console]
playground console login:
How does this work? Well, it just does the same as i wrote yesterday. It adds an authorization and a rights profile. You just use a different mechanism to do so.
root@solaris:~# su - junior
junior@solaris:~$ auths
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoconf.read,solaris.zone.console/playground
junior@solaris:~$ profiles
Zone Console
Basic Solaris User
All
junior@solaris:~$
