deallocate(1M)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | DIAGNOSTICS | SEE ALSO

NAME

deallocate- Device deallocation

SYNOPSIS

deallocate [-s] device
deallocate [-s] [-F] device
deallocate [-s] -I
deallocate [-s] -R [device]

DESCRIPTION

deallocate deallocates a device allocated to the evoking user. device can be a device defined in device_allocate(4) or one of the device special files associated with the device. It resets the ownership and the permission on all device special files associated with device, disabling the user's access to that device. This option can be used by a privileged user to remove access to the device by another user.

When deallocation or forced deallocation is performed, the appropiate device cleaning program is executed, based on the contents of device_allocate(4). These cleaning programs are normally stored in /etc/security/lib. deallocate requires the file_chown, file_dac_read, file_mac_read, file_setdac, and sys_audit privileges to be successful. In addition, certain options require the trusted path attribute to be successful.

OPTIONS

device

Deallocate the device associated with the device special file specified by device.

-s

Silent. Suppress any diagnostic output.

-F device

Force deallocation of the device associated with the file specified by device. Only the super user is permitted to use this option.

-I

Force deallocation of all allocatable devices. This option requires the trusted path attribute to be successful. This option should only be used at system initialization.

-R device

Reset the specified device to be allocatable. All associated physical device nodes listed in the device_maps file for the specified device will be reset to the deallocated mode and label. Intended as a means for reclaiming a device from a state of error, this option requires the trusted path attribute to be successful. If the specified device is allocated or if the device is a nonallocatable device, this option will fail. If no device is specified, the command is applied to all allocatable devices.

FILES

/etc/security/device_allocate

Mandatory access control file for devices.

/etc/security/device_maps

List of physical devices associated with a device name and type.

/etc/security/dev/*

Device storage area.

/etc/security/lib/*

Directory of device cleaning scripts.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWcsu

SUMMARY OF TRUSTED SOLARIS CHANGES

To run successfully, deallocate requires the file_chown, file_dac_read, file_mac_read, file_setdac, and sys_audit privileges. In addition, the -F option and the new -R option require the trusted path attribute.

DIAGNOSTICS

deallocate returns a non-zero exit status in the event of an error.

SEE ALSO

Trusted Solaris 7 Reference Manual

allocate(1M), device_allocate(4), device_maps(4)

SunOS 5.7 Reference Manual

attributes(5)

Trusted Solaris 7  Last Revised 31 Mar 1997

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | DIAGNOSTICS | SEE ALSO