| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
Configuring Device Policy (Tasks)
Configuring Device Policy (Task Map)
How to Audit Changes in Device Policy
How to Retrieve IP MIB-II Information From a /dev/* Device
Managing Device Allocation (Tasks)
Managing Device Allocation (Task Map)
How to Enable Device Allocation
How to Authorize Users to Allocate a Device
How to View Allocation Information About a Device
How to Forcibly Allocate a Device
How to Forcibly Deallocate a Device
How to Change Which Devices Can Be Allocated
How to Audit Device Allocation
Components of Device Allocation
Device Allocation Rights Profiles
6. Verifying File Integrity by Using BART (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Security Attributes in Oracle Solaris (Reference)
Part IV Cryptographic Services
11. Cryptographic Framework (Overview)
12. Cryptographic Framework (Tasks)
Part V Authentication Services and Secure Communication
14. Using Pluggable Authentication Modules
17. Using Simple Authentication and Security Layer
18. Network Services Authentication (Tasks)
19. Introduction to the Kerberos Service
20. Planning for the Kerberos Service
21. Configuring the Kerberos Service (Tasks)
22. Kerberos Error Messages and Troubleshooting
23. Administering Kerberos Principals and Policies (Tasks)
24. Using Kerberos Applications (Tasks)
25. The Kerberos Service (Reference)
Device allocation reserves the use of a device to one user at a time. Devices that require a mount point must be mounted. The following procedures show users how to allocate devices.
Before You Begin
Device allocation must be enabled, as described in How to Enable Device Allocation. If authorization is required, the user must have the authorization.
Specify the device by device name.
% allocate device-name
Run the identical command.
% allocate device-name allocate. Device already allocated.
Example 5-5 Allocating a Microphone
In this example, the user jdoe allocates a microphone, audio0.
% whoami jdoe % allocate audio0
Example 5-6 Allocating a Printer
In this example, a user allocates a printer. No one else can print to printer-1 until the user deallocates it, or until the printer is forcibly allocated to another user.
% allocate /dev/lp/printer-1
For an example of forcible deallocation, see How to Forcibly Deallocate a Device.
Example 5-7 Allocating a USB Drive
In this example, a user allocates a USB drive, rmdisk1.
% allocate rmdisk1
Troubleshooting
If the allocate command cannot allocate the device, an error message is displayed in the console window. For a list of allocation error messages, see the allocate(1) man page.
Devices mount automatically if you are granted the appropriate privileges. Follow this procedure if the device fails to mount.
Before You Begin
You have allocated the device. You are assigned the privileges that are required for mounting the device, as described in How to Authorize Users to Allocate a Device.
% su - role-name Password: <Type role-name password> $
You only need to do this step the first time that you need a mount point.
$ mkdir mount-point ; chmod 700 mount-point
$ list_devices -l List of allocatable devices
Specify the device by device name.
$ allocate device-name
$ mount -o ro -F filesystem-type device-path mount-point
where
Indicates that the device is to be mounted read-only. Use-o rw to make the device writable.
Indicates the file system format of the device. Typically, a CD-ROM is formatted with an HSFS file system. A diskette is typically formatted with a PCFS file system.
Indicates the path to the device. The output of the list_devices -l command includes the device-path.
Indicates the mount point that you created in Step 2.
Example 5-8 Allocating a CD-ROM Drive
In this example, a user assumes a role that can allocate and mount a CD-ROM drive, sr0. The drive is formatted as an HSFS file system.
% roles devicealloc % su - devicealloc Password: <Type devicealloc password> $ mkdir /home/devicealloc/mymnt $ chmod 700 /home/devicealloc/mymnt $ list_devices -l ... device: sr0 type: sr files: /dev/sr0 /dev/rsr0 /dev/dsk/c0t2d0s0 ... ... $ allocate sr0 $ mount -o ro -F hsfs /dev/sr0 /home/devicealloc/mymnt $ cd /home/devicealloc/mymnt ; ls List of the contents of CD-ROM
Troubleshooting
If the mount command cannot mount the device, an error message is displayed: mount: insufficient privileges. Check the following:
Verify that you are executing the mount command in a profile shell. If you have assumed a role, the role has a profile shell. If you are a user who has been assigned a profile with the mount command, you must create a profile shell. For the list of available profile shells, see the pfexec(1).
Verify that you own the specified mount point. You must have read, write, and execute access to the mount point.
Contact your administrator if you still cannot mount the allocated device. How to Troubleshoot RBAC and Privilege Assignment is a starting point.
Deallocation enables other users to allocate and use the device when you are finished.
Before You Begin
You must have allocated the device.
$ cd $HOME $ umount mount-point
$ deallocate device-name
Example 5-9 Deallocating a Microphone
In this example, the user jdoe deallocates the microphone, audio.
% whoami jdoe % deallocate audio0
Example 5-10 Deallocating a CD-ROM Drive
In this example, the Device Allocator role deallocates a CD-ROM drive. After the message is printed, the CD-ROM is ejected.
$ whoami devicealloc $ cd /home/devicealloc $ umount /home/devicealloc/mymnt $ ls /home/devicealloc/mymnt $ $ deallocate sr0 /dev/sr0: 326o /dev/rsr0: 326o … sr_clean: Media in sr0 is ready. Please, label and store safely.
|