Solaris mount nfs share as non root user

wordpress meta

title: 'Solaris Mount NFS Share as Non Root User'
date: '2015-03-19T12:17:31-05:00'
status: publish
permalink: /solaris-mount-nfs-share-as-non-root-user
author: admin
excerpt: ''
type: post
id: 859
category:
    - Solaris
tag: []
post_format: []

Since it took me a while to get this working I made a note of how. Giving a normal user Primary Administrator Role did work but even the role of System Administrator did not allow me to mount and unmount NFS.

Two Roles I tested:

# grep Adminis /etc/security/prof_attr
[..]
Primary Administrator:::Can perform all administrative tasks:auths=solaris.*,solaris.grant;help=RtPriAdmin.html
Service Operator:::Administer services:auths=solaris.smf.manage,solaris.smf.modify.framework
System Administrator:::Can perform most non-security administrative tasks:profiles=Audit Review,Printer Management,Cron Management,Device Management,File System Management,Mail Management,Maintenance and Repair,Media Backup,Media Restore,Name Service Management,Network Management,Object Access Management,Process Management,Software Installation,User Management,Project Management,All;help=RtSysAdmin.html

The error was like this:

$ pfexec /sbin/mount /apps
nfs mount: insufficient privileges

Below is what I needed to do. The xvfb service had nothing to do with NFS but I needed it for X display so I am just leaving it in.

# cat /etc/user_attr
[..]
ebs_a::::type=normal;defaultpriv=basic,sys_mount,sys_nfs,net_privaddr;auths=solaris.smf.manage.xvfb,solaris.smf.value.xvfb

$ ppriv $$
28423:  -bash
flags = <none>
        E: basic,net_privaddr,sys_mount,sys_nfs
        I: basic,net_privaddr,sys_mount,sys_nfs
        P: basic,net_privaddr,sys_mount,sys_nfs
        L: all
$ pfexec /sbin/umount /apps
$ pfexec /sbin/mount /apps

$ pfexec svcadm disable svc:/application/xvfb:default
$ pfexec svcadm enable svc:/application/xvfb:default