JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information


Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

Configuring Device Policy (Tasks)

Configuring Device Policy (Task Map)

How to View Device Policy

How to Audit Changes in Device Policy

How to Retrieve IP MIB-II Information From a /dev/* Device

Managing Device Allocation (Tasks)

Managing Device Allocation (Task Map)

How to Enable Device Allocation

How to Authorize Users to Allocate a Device

How to View Allocation Information About a Device

How to Forcibly Allocate a Device

How to Forcibly Deallocate a Device

How to Change Which Devices Can Be Allocated

How to Audit Device Allocation

Allocating Devices (Tasks)

How to Allocate a Device

How to Mount an Allocated Device

How to Deallocate a Device

Device Protection (Reference)

Device Policy Commands

Device Allocation

Components of Device Allocation

Device Allocation Service

Device Allocation Rights Profiles

Device Allocation Commands

Allocate Error State

device_maps File

device_allocate File

Device-Clean Scripts

6.  Verifying File Integrity by Using BART (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Using Pluggable Authentication Modules

15.  Using Secure Shell

16.  Secure Shell (Reference)

17.  Using Simple Authentication and Security Layer

18.  Network Services Authentication (Tasks)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)



Allocating Devices (Tasks)

Device allocation reserves the use of a device to one user at a time. Devices that require a mount point must be mounted. The following procedures show users how to allocate devices.

How to Allocate a Device

Before You Begin

Device allocation must be enabled, as described in How to Enable Device Allocation. If authorization is required, the user must have the authorization.

  1. Allocate the device.

    Specify the device by device name.

    % allocate device-name
  2. Verify that the device is allocated.

    Run the identical command.

    % allocate device-name
    allocate. Device already allocated.

Example 5-5 Allocating a Microphone

In this example, the user jdoe allocates a microphone, audio0.

% whoami
% allocate audio0

Example 5-6 Allocating a Printer

In this example, a user allocates a printer. No one else can print to printer-1 until the user deallocates it, or until the printer is forcibly allocated to another user.

% allocate /dev/lp/printer-1

For an example of forcible deallocation, see How to Forcibly Deallocate a Device.

Example 5-7 Allocating a USB Drive

In this example, a user allocates a USB drive, rmdisk1.

% allocate rmdisk1


If the allocate command cannot allocate the device, an error message is displayed in the console window. For a list of allocation error messages, see the allocate(1) man page.

How to Mount an Allocated Device

Devices mount automatically if you are granted the appropriate privileges. Follow this procedure if the device fails to mount.

Before You Begin

You have allocated the device. You are assigned the privileges that are required for mounting the device, as described in How to Authorize Users to Allocate a Device.

  1. Assume a role that can allocate and mount a device.
    % su - role-name
    Password: <Type role-name password>
  2. Create and protect a mount point in the role's home directory.

    You only need to do this step the first time that you need a mount point.

    $ mkdir mount-point ; chmod 700 mount-point
  3. List the allocatable devices.
    $ list_devices -l
    List of allocatable devices
  4. Allocate the device.

    Specify the device by device name.

    $ allocate device-name
  5. Mount the device.
    $ mount -o ro -F filesystem-type device-path mount-point


    -o ro

    Indicates that the device is to be mounted read-only. Use-o rw to make the device writable.

    -F filesystem-type

    Indicates the file system format of the device. Typically, a CD-ROM is formatted with an HSFS file system. A diskette is typically formatted with a PCFS file system.


    Indicates the path to the device. The output of the list_devices -l command includes the device-path.


    Indicates the mount point that you created in Step 2.

Example 5-8 Allocating a CD-ROM Drive

In this example, a user assumes a role that can allocate and mount a CD-ROM drive, sr0. The drive is formatted as an HSFS file system.

% roles
% su - devicealloc
Password: <Type devicealloc password>
$ mkdir /home/devicealloc/mymnt
$ chmod 700 /home/devicealloc/mymnt
$ list_devices -l
device: sr0 type: sr files: /dev/sr0 /dev/rsr0 /dev/dsk/c0t2d0s0 ...
$ allocate sr0
$ mount -o ro -F hsfs /dev/sr0 /home/devicealloc/mymnt
$ cd /home/devicealloc/mymnt ; ls
List of the contents of CD-ROM


If the mount command cannot mount the device, an error message is displayed: mount: insufficient privileges. Check the following:

Contact your administrator if you still cannot mount the allocated device. How to Troubleshoot RBAC and Privilege Assignment is a starting point.

How to Deallocate a Device

Deallocation enables other users to allocate and use the device when you are finished.

Before You Begin

You must have allocated the device.

  1. If the device is mounted, unmount the device.
    $ cd $HOME
    $ umount mount-point
  2. Deallocate the device.
    $ deallocate device-name

Example 5-9 Deallocating a Microphone

In this example, the user jdoe deallocates the microphone, audio.

% whoami
% deallocate audio0

Example 5-10 Deallocating a CD-ROM Drive

In this example, the Device Allocator role deallocates a CD-ROM drive. After the message is printed, the CD-ROM is ejected.

$ whoami
$ cd /home/devicealloc
$ umount /home/devicealloc/mymnt
$ ls /home/devicealloc/mymnt
$ deallocate sr0
/dev/sr0:      326o
/dev/rsr0:     326o
sr_clean: Media in sr0 is ready.  Please, label and store safely.