Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

device_allocate(4) [sunos man page]

device_allocate(4)						   File Formats 						device_allocate(4)

NAME
device_allocate - device_allocate file SYNOPSIS
/etc/security/device_allocate DESCRIPTION
The device_allocate file contains mandatory access control information about each physical device. Each device is represented by a one line entry of the form: device-name;device-type;reserved;reserved;auths;device-exec where device-name This is an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non- printable characters. device-type This is an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type. This field contains no embedded white space or non-printable characters. reserved This field is reserved for future use. reserved This field is reserved for future use. auths This field contains a comma-separated list of authorizations required to allocate the device, or asterisk (*) to indicate that the device is not allocatable, or an '@' symbol to indicate that no explicit authorization is needed to allocate the device. The default authorization is solaris.device.allocate. See auths(1) device-exec This is the physical device's data purge program to be run any time the device is acted on by allocate(1). This is to ensure that all usable data is purged from the physical device before it is reused. This field contains the filename of a program in /etc/security/lib or the full pathname of a cleanup script provided by the system adminis- trator. The device_allocate file is an ASCII file that resides in the /etc/security directory. Lines in device_allocate can end with a `' to continue an entry on the next line. Comments may also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `'. White space is allowed in any field. The device_allocate file must be created by the system administrator before device allocation is enabled. The device_allocate file is owned by root, with a group of sys, and a mode of 0644. EXAMPLES
Example 1: Declaring an allocatable device Declare that physical device st0 is a type st. st is allocatable, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/st_clean. # scsi tape st0; st; reserved; reserved; solaris.device.allocate; /etc/security/lib/st_clean Example 2: Declaring an allocatable device with authorizations Declare that physical device fd0 is of type fd. fd is allocatable by users with the solaris.device.allocate authorization, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/fd_clean. # floppy drive fd0; fd; reserved; reserved; solaris.device.allocate; /etc/security/lib/fd_clean Notice that making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1) and deallocate(1)). If a device is not allocatable, there will be an asterisk (*) in the auths field, and no one can use the device. FILES
/etc/security/device_allocate Contains list of allocatable devices SEE ALSO
auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1), auth_attr(4) NOTES
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. SunOS 5.10 17 Mar 2003 device_allocate(4)

Check Out this Related Man Page

deallocate(1)															     deallocate(1)

NAME
deallocate - device deallocation SYNOPSIS
deallocate [-s] device deallocate [-s] [-F] device deallocate [-s] -I The deallocate utility deallocates a device allocated to the evoking user. device can be a device defined in device_allocate(4) or one of the device special files associated with the device. It resets the ownership and the permission on all device special files associated with device, disabling the user's access to that device. This option can be used by an authorized user to remove access to the device by another user. The required authorization is solaris.device.allocate. When deallocation or forced deallocation is performed, the appropriate device cleaning program is executed, based on the contents of device_allocate(4). These cleaning programs are normally stored in /etc/security/lib. The following options are supported: device Deallocate the device associated with the device special file specified by device. -s Silent. Suppresses any diagnostic output. -F device Forces deallocation of the device associated with the file specified by device. Only a user with the solaris.device.revoke authorization is permitted to use this option. -I Forces deallocation of all allocatable devices. Only a user with the solaris.device.revoke authorization is permitted to use this option. This option should only be used at system initialization. The following exit values are returned: non--zero An error occurred. /etc/security/device_allocate /etc/security/device_maps /etc/security/dev/* /etc/security/lib/* See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ allocate(1), list_devices(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M), mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5) The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. /etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be supported in a future release of the Solaris Operating Environment. 28 Mar 2005 deallocate(1)
Man Page