Even more new options for svcbundle

Another addition to svcbundle was the addition to set

• user
• group
• privileges

to directly create manifests for SMF that didn’t need manual editing to adhere to the best practice that you should run services always at the least nescesarry privileges.

svcbundle -s service-name=site/narf \
 -s start-method="/lib/svc/method/narf %m" \
 -s stop-method="/lib/svc/method/narf %m" \
 -s refresh-method="/lib/svc/method/narf %m" \
 -s model=daemon \
 -s user=webserv \
 -s group=webgrp \
 -s privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'
[..]
        <method_context>
            <method_credential user="webserv" group="webgrp"
                privileges="basic,!proc_session,!proc_info,!file_link_any,net_privaddr"
            />
        </method_context>

Please keep in mind, that svcbundle doesn’t check if the user or group actually exists on your system, because most often you will create a manifest in development and the user and group on you production systems may be totally different ones.