Device Allocation - Securing Systems and Attached Devices in Oracle® Solaris 11.2

Securing Systems and Attached Devices in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing Systems and Attached Devices in ... » Managing Machine Security » Controlling Access to Devices » Device Allocation

Updated: September 2014

Securing Systems and Attached Devices in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Managing Machine Security

What's New in Securing Systems and Devices in Oracle Solaris 11.2

Controlling Access to a Computer System

Maintaining Physical Security

Maintaining Login Control

Controlling Access to Devices

Device Allocation

Controlling Access to Machine Resources

Address Space Layout Randomization

Limiting and Monitoring Superuser Access

Configuring Role-Based Access Control to Replace Superuser

Preventing Unintentional Misuse of System Resources

Restricting setuid Executable Files

Using the Secure by Default Configuration

Using Resource Management Features

Using Oracle Solaris Zones

Monitoring Use of Machine Resources

Monitoring File Integrity

Controlling Access to Files

Encrypting Files on Disk

Using Access Control Lists

Sharing Files Across Machines

Restricting root Access to Shared Files

Controlling Network Access

Network Security Mechanisms

Authentication and Authorization for Remote Access

Firewall Systems

Encryption and Firewall Systems

Reporting Security Problems

Chapter 2 Protecting Oracle Solaris Systems Integrity

Chapter 3 Controlling Access to Systems

Chapter 4 Controlling Access to Devices

Chapter 5 Virus Scanning Service

Security Glossary

Language:

Device Allocation

The device allocation mechanism enables you to restrict access to a peripheral device, such as a CD-ROM. If device allocation is not enabled, peripheral devices are protected only by file permissions. For example, by default, peripheral devices are available for the following uses:

Any user can read and write to a CD-ROM drive or disc.
Any user can attach a microphone.
Any user can access an attached printer.

Device allocation can restrict a device to authorized users. Device allocation can also prevent a device from being accessed at all. A user who allocates a device has exclusive use of that device until the user deallocates the device. When a device is deallocated, device-clean scripts erase any leftover data. You can write a device-clean script to purge information from devices that do not have a script. For an example, see Writing New Device-Clean Scripts.

Attempts to allocate a device, deallocate a device, and list allocatable devices can be audited. The audit events are part of the other audit class.

For more information about device allocation, see the following:

Table 4–2
Device Allocation
Device Allocation Commands

Copyright © 2002, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices