SunSHIELD Basic Security Module Guide

Managing and Adding Devices

The procedures in this section show how to manage devices and how to add devices.

How to Manage Devices

  1. Determine which devices are listed in the device_allocate file and which devices can be made allocatable.

  2. Define which devices, if any, should be made allocatable.

  3. Decide which normal users, if any, should be allowed to allocate devices.

  4. Edit the device_allocate file and add the new device.

How to Add a New Allocatable Device

  1. Create an entry for any new allocatable device on the machine in the device_allocate file.

    This procedure is described in "The device_allocate File".

  2. Create an empty lock file for each allocatable device in the /etc/security/dev directory.

    This procedure is described in "Setting Up Lock Files".

  3. Create a device-clean script if needed, for each new device.

    If you add a Xylogics or an Archive tape drive, you can use the st_clean script; otherwise, create your own. How to create a device-handling script is described in "Device-Clean Scripts".

  4. Make all device-special files for the device to be owned by user bin, group bin, and mode 000.

    You can run the dminfo command to get a listing from the device_maps file of all the device-special files that are associated with the device you are making allocatable.