Solaris Trusted Extensions Administrator's Procedures

Procedure: How to Configure a Device in Trusted Extensions

By default, an allocatable device has a label range from ADMIN_LOW to ADMIN_HIGH and must be allocated for use. Also, users must be authorized to allocate the device. These defaults can be changed.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. From the Trusted Path menu, select Allocate Device.

    The Device Manager appears.

    [Figure: Dialog box titled Device Allocation Administration shows the default security settings for an audio device for an ordinary user.]

  2. View the default security settings.

    Click Device Administration, then highlight the device. The following figure shows a CD-ROM drive with default security settings.

    [Figure: Dialog box titled Device Allocation Configuration shows the default security settings for a CD-ROM drive.]

  3. (Optional) Restrict the label range on the device.

    1. Set the minimum label.

      Click the Min Label... button. Choose a minimum label from the label builder. For information about the label builder, see Label Builder in Trusted Extensions.

    2. Set the maximum label.

      Click the Max Label... button. Choose a maximum label from the label builder.

  4. Specify whether the device can be allocated locally.

    In the Device Configuration dialog box, under For Allocations From Trusted Path, select an option from the Allocatable By list. By default, the Authorized Users option is checked. Therefore, the device is allocatable and users must be authorized.

    • To make the device nonallocatable, click No Users.

      When configuring a printer, frame buffer, or other device that must not be allocatable, select No Users.

    • To make the device allocatable without requiring authorization, click All Users.

  5. Specify whether the device can be allocated remotely.

    In the For Allocations From Non-Trusted Path section, select an option from the Allocatable By list. By default, the Same As Trusted Path option is checked.

    • To require user authorization, select Allocatable by Authorized Users.

    • To make the device nonallocatable by remote users, select No Users.

    • To make the device allocatable by anyone, select All Users.

  6. If the device is allocatable, and your site has created new device authorizations, select the appropriate authorization.

    The following dialog box shows that the solaris.device.allocate authorization is required to allocate the cdrom0 device.

    [Figure: Dialog box titled Device Allocation Authorizations shows the authorizations of a device.]

    To create and use site-specific device authorizations, see Customizing Device Authorizations in Trusted Extensions (Task Map).

  7. To save your changes, click OK.
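
The settings from steps 3 through 6 combine into a single allocation decision. The following added example (not Trusted Extensions code, and not from the original page) models that decision and audits a constructed set of device configurations. Labels are simplified to integer ranks; the label names other than ADMIN_LOW and ADMIN_HIGH, the device names other than cdrom0, and the functions `may_allocate` and `audit` are assumptions.

```python
from typing import NamedTuple

# Simplified model: real labels form a lattice (classification plus
# compartments); here each label is an integer rank. PUBLIC, INTERNAL and
# RESTRICTED are assumed site labels, not names from the page.
ADMIN_LOW, PUBLIC, INTERNAL, RESTRICTED, ADMIN_HIGH = range(5)
AUTHORIZED, NO_USERS, ALL_USERS = "Authorized Users", "No Users", "All Users"
SAME_AS_TRUSTED = "Same As Trusted Path"

class Device(NamedTuple):
    name: str
    min_label: int = ADMIN_LOW               # default label range
    max_label: int = ADMIN_HIGH
    trusted_path: str = AUTHORIZED           # default: authorization required
    non_trusted_path: str = SAME_AS_TRUSTED  # default: inherit local setting
    auth: str = "solaris.device.allocate"

def may_allocate(dev, user_auths, label, via_trusted_path=True):
    """Return (allowed, reason) for one allocation request."""
    mode = dev.trusted_path
    if not via_trusted_path and dev.non_trusted_path != SAME_AS_TRUSTED:
        mode = dev.non_trusted_path
    if mode == NO_USERS:
        return False, "device is nonallocatable"
    if not dev.min_label <= label <= dev.max_label:
        return False, "label outside device range"
    if mode == AUTHORIZED and dev.auth not in user_auths:
        return False, "missing " + dev.auth
    return True, "ok"

def audit(devices, must_not_allocate=("printer", "framebuffer")):
    """Flag devices that should be No Users, or that need no authorization."""
    findings = []
    for d in devices:
        modes = {d.trusted_path, d.non_trusted_path} - {SAME_AS_TRUSTED}
        if d.name.rstrip("0123456789") in must_not_allocate:
            if modes != {NO_USERS}:
                findings.append((d.name, "should be No Users"))
        elif ALL_USERS in modes:
            findings.append((d.name, "allocatable without authorization"))
    return findings

# Constructed sample configuration (device names other than cdrom0 are made up).
SAMPLE = [Device("printer0"), Device("printer1", trusted_path=NO_USERS),
          Device("cdrom0", trusted_path=ALL_USERS), Device("audio0")]

if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(name, issue)
```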