device_allocate(4)               File Formats               device_allocate(4)



NAME
       device_allocate - device_allocate file

SYNOPSIS
       /etc/security/device_allocate

DESCRIPTION
       The  device_allocate file contains mandatory access control information
       about each physical device. Each device is represented by  a  one  line
       entry of the form:

              device-name;device-type;reserved;reserved;auths;device-exec


       where

       device-name             This  is  an  arbitrary ASCII string naming the
                               physical device. This field contains no embedded
                               white space or non-printable characters.



       device-type             This  is  an  arbitrary ASCII string naming the
                               generic device type. This field identifies  and
                               groups  together  devices  of  like  type. This
                               field contains no embedded white space or  non-
                               printable characters.



       reserved                This field is reserved for future use.



       reserved                This field is reserved for future use.



       auths                   This  field  contains a comma-separated list of
                               authorizations required to allocate the device,
                               or  asterisk (*) to indicate that the device is
                               not allocatable, or an '@' symbol  to  indicate
                               that  no  explicit  authorization  is needed to
                               allocate the device.

                               The default authorization is
                               solaris.device.allocate. See auths(1).



       device-exec             This  is  the physical device's data purge
                               program to be run any time the device is acted
                               on by allocate(1). This is to ensure  that  all
                               usable data is purged from the physical  device
                               before  it  is  reused. This field contains the
                               filename of a program in  /etc/security/lib  or
                               the  full pathname of a cleanup script provided
                               by the system administrator.



       The  device_allocate  file  is  an  ASCII  file  that  resides  in  the
       /etc/security directory.

       Lines in device_allocate can end with a `\' to continue an entry on the
       next line.

       Comments may also be included. A `#' makes a  comment  of  all  further
       text until the next NEWLINE not immediately preceded by a `\'.

       White space is allowed in any field.

       The  device_allocate  file  must be created by the system administrator
       before device allocation is enabled.

       The device_allocate file is owned by root, with a group of sys,  and  a
       mode of 0644.

EXAMPLES
       Example 1: Declaring an allocatable device

       Declare  that  physical device st0 is a type st. st is allocatable, and
       the script used to clean the  device  after  running  deallocate(1)  is
       named /etc/security/lib/st_clean.

       # scsi tape
       st0;\
            st;\
            reserved;\
            reserved;\
            solaris.device.allocate;\
            /etc/security/lib/st_clean


       Example 2: Declaring an allocatable device with authorizations

       Declare  that  physical  device fd0 is of type fd. fd is allocatable by
       users with the solaris.device.allocate authorization,  and  the  script
       used   to  clean  the  device  after  running  deallocate(1)  is  named
       /etc/security/lib/fd_clean.

       # floppy drive
       fd0;\
            fd;\
            reserved;\
            reserved;\
            solaris.device.allocate;\
            /etc/security/lib/fd_clean


       Notice that making a device allocatable means that you need to allocate
       and  deallocate it to use it (with allocate(1) and deallocate(1)). If a
       device is not allocatable, there will be an asterisk (*) in  the  auths
       field, and no one can use the device.
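
       The following is an added example, not part of the original manual
       page or of Solaris: a Python sketch that parses device_allocate
       content using the continuation, comment and field rules above and
       lists entries worth reviewing. The names audit, logical_lines and
       LIB_DIR and the sample entries are constructed for illustration;
       reporting '@' and an empty device-exec field as findings is this
       example's own review policy.

```python
import re

LIB_DIR = "/etc/security/lib"  # where the page says bare device-exec filenames live
SAMPLE = r"""# scsi tape
st0;\
     st;\
     reserved;\
     reserved;\
     solaris.device.allocate;\
     /etc/security/lib/st_clean
audio0;audio;reserved;reserved;@;audio_clean   # trailing comment
sr0;sr;reserved;reserved;*;/etc/security/lib/sr_clean
fd 0;fd;reserved;reserved;solaris.device.allocate;
short;fd;reserved
"""  # constructed sample input, not taken from a real system

def logical_lines(text):
    """Join backslash-continued lines, then cut each entry at the first '#'."""
    joined = re.sub(r"\\\n", "", text)
    for line in joined.split("\n"):
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (entries, findings) for device_allocate content."""
    entries, findings = [], []
    for line in logical_lines(text):
        fields = [f.strip() for f in line.split(";")]  # white space allowed around fields
        if len(fields) != 6:
            findings.append((fields[0], "expected 6 fields, got %d" % len(fields)))
            continue
        name, dtype, _, _, auths, purge = fields
        for label, value in (("device-name", name), ("device-type", dtype)):
            if not value or re.search(r"[^\x21-\x7e]", value):
                findings.append((name, label + " empty or not printable ASCII"))
        if auths == "@":
            findings.append((name, "no explicit authorization needed to allocate"))
        if not purge:
            findings.append((name, "no device-exec purge program"))
        elif not purge.startswith("/"):
            purge = LIB_DIR + "/" + purge  # bare filename: resolve under LIB_DIR
        entries.append({"name": name, "type": dtype, "allocatable": auths != "*",
                        "auths": [] if auths in "*@" else auths.split(","),
                        "device_exec": purge})
    return entries, findings

if __name__ == "__main__":
    for device, problem in audit(SAMPLE)[1]:
        print(device + ": " + problem)
```
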

FILES
       /etc/security/device_allocate   Contains list of allocatable devices



SEE ALSO
       auths(1),  allocate(1),  bsmconv(1M),  deallocate(1),  list_devices(1),
       auth_attr(4)

NOTES
       The functionality described in this man page is available only  if  the
       Basic  Security Module (BSM) has been enabled. See bsmconv(1M) for more
       information.



SunOS 5.10                        17 Mar 2003               device_allocate(4)