System Administration Guide: Security Services

ProcedureHow to Make a Device Allocatable

If you have already run the bsmconv command to enable auditing, then device allocation is already enabled on your system. For more information, see the bsmconv(1M) man page.

  1. Assume a role that includes the Audit Control rights profile, or become superuser.

    The Primary Administrator role includes the Audit Control rights profile. You can also assign the Audit Control rights profile to a role that you create. To create the role and assign the role to a user, see Example 9–3.

  2. Enable device allocation.


    # bsmconv
    This script is used to enable the Basic Security Module (BSM).
    Shall we continue with the conversion now? [y/n] y
    bsmconv: INFO: checking startup file.
    bsmconv: INFO: move aside /etc/rc3.d/S81volmgt.
    bsmconv: INFO: turning on audit module.
    bsmconv: INFO: initializing device allocation files.
    
    The Basic Security Module is ready.
    If there were any errors, please fix them now.
    Configure BSM by editing files located in /etc/security.
    Reboot this system now to come up with BSM enabled.

    Note –

    The Volume Management daemon (/etc/rc3.d/S81volmgt) is disabled by this command.