| blob | 91b5afba0c85036fd1e3847c9c30135a93e04daf |
1 '\" te
2 .\" Copyright (c) 2008, Sun Microsystems, Inc.
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH DEVICE_ALLOCATE 4 "Mar 6, 2017"
7 .SH NAME
8 device_allocate \- device_allocate file
9 .SH SYNOPSIS
10 .LP
11 .nf
12 \fB/etc/security/device_allocate\fR
13 .fi
15 .SH DESCRIPTION
16 .LP
17 The \fBdevice_allocate\fR file is an \fBASCII\fR file that resides in the
18 \fB/etc/security\fR directory. It contains mandatory access control information
19 about each physical device. Each device is represented by a one- line entry of
20 the form:
21 .sp
22 .LP
23 \fIdevice-name\fR;\fIdevice-type\fR;reserved1;reserved2;\fIauths\fR;\fIdevice-e
24 xec\fR
25 .sp
26 .LP
27 where:
28 .sp
29 .ne 2
30 .na
31 \fB\fIdevice-name\fR\fR
32 .ad
33 .sp .6
34 .RS 4n
35 Represents an arbitrary \fBASCII\fR string naming the physical device. This
36 field contains no embedded white space or non-printable characters.
37 .RE
39 .sp
40 .ne 2
41 .na
42 \fB\fIdevice-type\fR\fR
43 .ad
44 .sp .6
45 .RS 4n
46 Represents an arbitrary \fBASCII\fR string naming the generic device type. This
47 field identifies and groups together devices of like type. This field contains
48 no embedded white space or non-printable characters. The following types of
49 devices are currently managed by the system: audio, \fBsr\fR (represents CDROM
50 drives), \fBfd\fR (represents floppy drives), \fBst\fR (represents tape
51 drives), \fBrmdisk\fR (removable media devices).
52 .RE
54 .sp
55 .ne 2
56 .na
57 \fB\fBreserved1\fR\fR, \fB\fBreserved2\fR\fR
58 .ad
59 .sp .6
60 .RS 4n
61 Represents a field reserved for future use.
62 .RE
64 .sp
65 .ne 2
66 .na
67 \fB\fIauths\fR\fR
68 .ad
69 .sp .6
70 .RS 4n
71 Represents a field that contains a comma-separated list of authorizations
72 required to allocate the device, an asterisk (\fB*\fR) to indicate that the
73 device is \fInot\fR allocatable, or an '\fB@\fR' symbol to indicate that no
74 explicit authorization is needed to allocate the device. The default
75 authorization is \fBsolaris.device.allocate\fR. See \fBauths\fR(1).
76 .RE
78 .sp
79 .ne 2
80 .na
81 \fB\fIdevice-exec\fR\fR
82 .ad
83 .sp .6
84 .RS 4n
85 The physical device's data clean program to be run any time the device is acted
86 on by \fBallocate\fR(1). This ensures that unmanaged data does not remain in
87 the physical device between uses. This field contains the filename of a program
88 in \fB/etc/security/lib\fR or the full pathname of a cleanup script provided by
89 the system administrator.
90 .RE
92 .SS "Notes on \fBdevice_allocate\fR"
93 .LP
94 The \fBdevice_allocate\fR file is an ASCII file that resides in the
95 \fB/etc/security\fR directory.
96 .sp
97 .LP
98 Lines in \fBdevice_allocate\fR can end with a `\fB\e\fR\&' to continue an entry
99 on the next line.
100 .sp
101 .LP
102 Comments can also be included. A `\fB#\fR' makes a comment of all further text
103 until the next NEWLINE not immediately preceded by a `\fB\e\fR\&'.
104 .sp
105 .LP
106 White space is allowed in any field.
107 .sp
108 .LP
109 The \fBdevice_allocate\fR file must be created by the system administrator
110 before device allocation is enabled.
111 .sp
112 .LP
113 The \fBdevice_allocate\fR file is owned by root, with a group of \fBsys\fR, and
114 a mode of 0644.
115 .SH EXAMPLES
116 .LP
117 \fBExample 1 \fRDeclaring an Allocatable Device
118 .sp
119 .LP
120 Declare that physical device \fBst0\fR is a type \fBst\fR. \fBst\fR is
121 allocatable, and the script used to clean the device after running
122 \fBdeallocate\fR(1) is named \fB/etc/security/lib/st_clean\fR.
124 .sp
125 .in +2
126 .nf
127 # scsi tape
128 st0;\e
129 st;\e
130 reserved;\e
131 reserved;\e
132 solaris.device.allocate;\e
133 /etc/security/lib/st_clean
134 .fi
135 .in -2
136 .sp
138 .LP
139 \fBExample 2 \fRDeclaring an Allocatable Device with Authorizations
140 .sp
141 .LP
142 Declare that physical device \fBfd0\fR is of type \fBfd\fR. \fBfd\fR is
143 allocatable by users with the \fBsolaris.device.allocate\fR authorization, and
144 the script used to clean the device after running \fBdeallocate\fR(1) is named
145 \fB/etc/security/lib/fd_clean\fR.
147 .sp
148 .in +2
149 .nf
150 # floppy drive
151 fd0;\e
152 fd;\e
153 reserved;\e
154 reserved;\e
155 solaris.device.allocate;\e
156 /etc/security/lib/fd_clean
157 .fi
158 .in -2
159 .sp
161 .sp
162 .LP
163 Making a device allocatable means that you need to allocate and deallocate it
164 to use it (with \fBallocate\fR(1) and \fBdeallocate\fR(1)). If a device is not
165 allocatable, there is an asterisk (\fB*\fR) in the \fIauths\fR field, and no
166 one can use the device.
167 .SH FILES
168 .ne 2
169 .na
170 \fB\fB/etc/security/device_allocate\fR\fR
171 .ad
172 .sp .6
173 .RS 4n
174 Contains list of allocatable devices
175 .RE
177 .SH ATTRIBUTES
178 .LP
179 See \fBattributes\fR(5) for descriptions of the following attributes:
180 .sp
182 .sp
183 .TS
184 box;
185 c | c
186 l | l .
187 ATTRIBUTE TYPE ATTRIBUTE VALUE
188 _
189 Interface Stability Uncommitted
190 .TE
192 .SH SEE ALSO
193 .LP
194 \fBauths\fR(1), \fBallocate\fR(1), \fBdeallocate\fR(1),
195 \fBlist_devices\fR(1), \fBauth_attr\fR(4), \fBattributes\fR(5)