Trusted Solaris Administrator's Procedures

Authorizing Device Allocation

The Allocate Device authorization enables users to allocate a device and to specify the label to associate with information imported from it, or exported to it.

However, site security policy may require that you create separate authorizations for devices that are allocated from the trusted path and devices that are allocated without the trusted path. The following table shows an example:

Table 12-2 Requiring Separate Authorizations for Local and Remote Device Use

Device Name   For Allocations From   Allocatable By     Authorizations
-----------   --------------------   ----------------   --------------------------
cdrom_0       Trusted Path           Authorized Users   solaris.device.cdrom.local
cdrom_0       Non-Trusted Path       Authorized Users   solaris.device.cdrom.remot

Alternatively, a site can allow a device to be allocatable only during local login sessions.

Table 12-3 Specifying Only Local Allocation of the Audio Device

Device Name   For Allocations From   Allocatable By     Authorizations
-----------   --------------------   ----------------   -----------------------
audio         Trusted Path           Authorized Users   solaris.device.allocate
audio         Non-Trusted Path       No users

For added security around device allocation, the Security Administrator role can create a new allocate authorization, such as Allocate Remote Device. See "Adding New Authorizations" and follow the procedure "To Add an Authorization to the Environment".

Enforcing Device Security

The security administrator decides who can allocate devices. The security administrator should make sure that any user who is authorized to use devices is trained and can be trusted to do the following:

The Security Administrator role also is responsible for enforcing proper compliance with the above-mentioned requirements.

Recovering From the Allocate Error State

As shown in Table 12-5, an allocatable device is in an error state if its ancillary file is owned by user bin and group bin with a device special file mode of 0100 and label of ADMIN_HIGH. One way that a device can be put into the allocate error state is by the device_clean(1M) scripts. A device-clean script puts a device into the allocate error state during deallocation until the user responds to prompts from the script and the removable media is ejected. A role with the Reclaim or Revoke authorization can use the Device Allocation Manager to reclaim devices from the error state.
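
The following added example (not part of the original manual) shows one way to pick out candidates for reclaiming by scanning a long listing for the owner, group, and mode that mark the allocate error state. The function name, the sample listing, and its paths are constructed for illustration; the ADMIN_HIGH label does not appear in a plain listing and is not checked, and paths are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example: flag entries whose long listing matches the allocate error
# state described above (owner bin, group bin, mode 0100).
# Input: `ls -l` style lines on stdin. Output: one matching path per line.
# Not checked: the ADMIN_HIGH label, which a plain listing does not show.

find_error_state() {
    awk '
        NF >= 9 {
            # Characters 2-10 of the mode field are the permission bits;
            # character 1 is the file type (c, b, -) and is ignored, as is
            # any trailing ACL marker.
            perms = substr($1, 2, 9)
            if (perms == "--x------" && $3 == "bin" && $4 == "bin")
                print $NF        # last field is the path
        }
    '
}

# Constructed sample listing (hypothetical paths and owners):
#   line 1: device special file in the error state
#   line 2: device currently allocated to a user
#   line 3: mode 0100 but owned by root, so not the error state
#   line 4: regular file with the error-state owner, group, and mode
SAMPLE_LISTING='c--x------   1 bin      bin       33,  0 Jan 10 09:12 /dev/example/tape0
crw-------   1 alice    staff     33,  8 Jan 10 09:12 /dev/example/tape1
c--x------   1 root     bin       36,  2 Jan 10 09:12 /dev/example/cdrom0
---x------   1 bin      bin            0 Jan 10 09:12 /dev/example/audio0'

printf '%s\n' "$SAMPLE_LISTING" | find_error_state
```

Entries reported by the function still need their label confirmed as ADMIN_HIGH before they are treated as being in the allocate error state.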