Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
File Formatsdevice_allocate(4)

NAME

 device_allocate - device_allocate file

SYNOPSIS

  
/etc/security/device_allocate

DESCRIPTION

 

The device_allocate file contains mandatory access control information about each physical device. Each device is represented by a one line entry of the form:

device-name;device-type;reserved;reserved;auths;device-exec

where

device-name
This is an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non-printable characters.
device-type
This is an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type. This field contains no embedded white space or non-printable characters.
reserved
This field is reserved for future use.
reserved
This field is reserved for future use.
auths
This field contains a comma-separated list of authorizations required to allocate the device, or asterisk (*) to indicate that the device is not allocatable, or an '@' symbol to indicate that no explicit authorization is needed to allocate the device.

The default authorization is solaris.device.allocate. See auths(1)

device-exec
This is the physical device's data purge program to be run any time the device is acted on by allocate(1). This is to ensure that all usable data is purged from the physical device before it is reused. This field contains the filename of a program in /etc/security/lib or the full pathname of a cleanup script provided by the system administrator.

The device_allocate file is an ASCII file that resides in the /etc/security directory.

Lines in device_allocate can end with a `\' to continue an entry on the next line.

Comments may also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `\'.

White space is allowed in any field.

The device_allocate file must be created by the system administrator before device allocation is enabled.

The device_allocate file is owned by root, with a group of sys, and a mode of 0644.

EXAMPLES

 Example 1. Declaring an allocatable device
 

Declare that physical device st0 is a type st. st is allocatable, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/st_clean.

  
     # scsi tape
st0;\
     st;\
     reserved;\
     reserved;\
     solaris.device.allocate;\
     /etc/security/lib/st_clean;\

Example 2. Declaring an allocatable device with authorizations
 

Declare that physical device fd0 is of type fd. fd is allocatable by users with the solaris.device.allocate authorization, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/fd_clean.

  
     # floppy drive
fd0;\
     fd;\
     reserved;\
     reserved;\
     &;\
     /etc/security/lib/fd_clean;\

Notice that making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1) and deallocate(1)). If a device is not allocatable, there will be an asterisk (*) in the auths field, and no one can use the device.

FILES

 
/etc/security/device_allocate
Contains list of allocatable devices

SEE ALSO

 

auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1), auth_attr(4)

NOTES

 

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
SunOS 5.9Go To TopLast Changed 16 Jan 2001
 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.