test

Trusted Solaris Administrator's Procedures

To Add a Device

Follow the instructions in the Installing Device Drivers guide for the Solaris environment, if needed, then do the following Trusted Solaris-specific steps.

  1. If adding a new allocatable device, the System Administrator should create a device_clean script, if needed.

    A tape drive can use the default st_clean script as is, or the script can be modified to suit the site's security policy. Otherwise, a new device_clean script is needed. See "To Change or Add a Device Clean Script" for the procedure.

  2. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

  3. Click the Device Allocation icon on the Tools subpanel.

  4. Click Device Administration, then click New....

  5. Enter the Device Name and Device Type.

  6. In the Device Map field, enter the pathnames for all the device special files associated with the device. Separate the pathnames with spaces.

  7. (Optional) Set the label range on the device to be other than ADMIN_LOW to ADMIN_HIGH, by clicking the Min Label... and button and Max Label... buttons.

  8. For Allocations From Trusted Path, choose an option from the Allocatable By: list:


    Authorized Users
No Users
All Users
Same as Trusted Path
    Note -

    When configuring a printer, frame buffer, or other device that should not be allocatable, make sure to select No Users.

    Same As Trusted Path applies only when Non-Trusted Path is selected.

  9. When you choose Allocatable by Authorized Users, the Authorizations field becomes active, and the solaris.device.allocation authorization name displays.

    If you have created site-specific device authorizations, enter them. See "To Add Site-Specific Authorizations to a Device" for the procedure.

  10. Click Non-Trusted Path and click whether it should be treated the same as the Trusted Path.

  11. If you choose Allocatable by Authorized Users, click the Authorizations... button to require site-specific authorizations to allocate the device from outside the trusted path.

    If you have created site-specific device authorizations, enter them. See "To Add Site-Specific Authorizations to a Device" for the procedure.

  12. Specify the Deallocation Options for the device when it is allocated locally through the trusted path.

  13. Click OK to save your changes.