The Allocate Device authorization enables users to allocate a device and to specify the label to associate with information imported from it, or exported to it.
However, site security policy may require that you create separate authorizations for devices that are allocated from the trusted path and devices that are allocated without the trusted path. The following table shows an example:
Table 12-2 Requiring Separate Authorizations for Local and Remote Device Use

Device Name: cdrom_0
  For Allocations From    Allocatable By      Authorizations
  Trusted Path            Authorized Users    solaris.device.cdrom.local
  Non-Trusted Path        Authorized Users    solaris.device.cdrom.remote
Alternatively, a site can make a device allocatable only during local (trusted path) login sessions, as in the following example:
Table 12-3 Specifying Only Local Allocation of the Audio Device

Device Name: audio
  For Allocations From    Allocatable By      Authorizations
  Trusted Path            Authorized Users    solaris.device.allocate
  Non-Trusted Path        No users            (none)
For added security around device allocation, the Security Administrator role can create a new allocate authorization, such as Allocate Remote Device. See "Adding New Authorizations" and follow the procedure "To Add an Authorization to the Environment".
The security administrator decides who can allocate devices. The security administrator should make sure that any user who is authorized to use devices is trained and can be trusted to do the following:
Properly label and handle any media containing exported sensitive information so that it does not become available to anyone who should not see it. For example, if information at the label NEED TO KNOW ENGINEERING is stored on a floppy disk, the person who exports the information must physically label the disk NEED TO KNOW ENGINEERING and store the disk where it is accessible only to members of the engineering group with a need to know.
Ensure that labels are properly maintained on any information being imported (read) from media on these devices. An authorized user should allocate the device at the label that matches the label of the information being imported. For example, if a user allocates a floppy drive at PUBLIC, the user should import only information labeled PUBLIC.
The Security Administrator role also is responsible for enforcing proper compliance with the above-mentioned requirements.
As shown in Table 12-5, an allocatable device is in an error state if its ancillary file is owned by user bin and group bin, with a device special file mode of 0100 and a label of ADMIN_HIGH. One way that a device can be put into the allocate error state is by the device_clean(1M) scripts. A device-clean script puts a device into the allocate error state during deallocation until the user responds to the script's prompts and the removable media is ejected. A role with the Reclaim or Revoke authorization can use the Device Allocation Manager to reclaim devices from the error state.
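The following is an added example, not code from the Solaris Trusted Extensions documentation: a small Python model of the rules on this page, covering the per-origin authorizations of Tables 12-2 and 12-3, the rule that imports must occur at the label the device was allocated at, and the allocate error-state signature (bin:bin, mode 0100, ADMIN_HIGH). The authorization names for cdrom_0 and audio come from the tables; the origin names TRUSTED_PATH and NON_TRUSTED_PATH, the user names, the sample ancillary-file records and the assumption that holding any one listed authorization suffices are constructed here for illustration and are not the operating system's own implementation.

```python
# Added illustration of the device-allocation rules described above.
# Not Solaris code: origin names, sample records and the "any one
# authorization suffices" rule are assumptions made for this example.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set

TRUSTED_PATH = "trusted_path"          # allocation made from the trusted path (local session)
NON_TRUSTED_PATH = "non_trusted_path"  # allocation made without the trusted path


@dataclass(frozen=True)
class DevicePolicy:
    """Authorizations that permit allocating a device from each origin.

    None for an origin means "Allocatable By: No users" for that origin.
    Assumption: holding any ONE of the listed authorizations is enough.
    """
    name: str
    auths: Dict[str, Optional[FrozenSet[str]]]


# Table 12-2: separate authorizations for local and remote use of cdrom_0.
CDROM_0 = DevicePolicy("cdrom_0", {
    TRUSTED_PATH: frozenset({"solaris.device.cdrom.local"}),
    NON_TRUSTED_PATH: frozenset({"solaris.device.cdrom.remote"}),
})

# Table 12-3: audio is allocatable only during trusted-path (local) sessions.
AUDIO = DevicePolicy("audio", {
    TRUSTED_PATH: frozenset({"solaris.device.allocate"}),
    NON_TRUSTED_PATH: None,
})


def can_allocate(policy: DevicePolicy, user_auths: Set[str], origin: str) -> bool:
    """True if a user holding user_auths may allocate the device from origin."""
    required = policy.auths.get(origin)
    if required is None:            # "No users" for this origin
        return False
    return bool(required & user_auths)


@dataclass(frozen=True)
class Allocation:
    device: str
    user: str
    label: str                      # label the device was allocated at


def allocate(policy: DevicePolicy, user: str, user_auths: Set[str],
             origin: str, label: str) -> Allocation:
    """Allocate the device at a label, or refuse with PermissionError."""
    if not can_allocate(policy, user_auths, origin):
        raise PermissionError(f"{user} may not allocate {policy.name} from {origin}")
    return Allocation(policy.name, user, label)


def may_import(alloc: Allocation, media_label: str) -> bool:
    """Imported information must carry the label the device was allocated at."""
    return media_label == alloc.label


@dataclass(frozen=True)
class AncillaryFile:
    """Owner, group, permission bits and label of a device's ancillary file."""
    device: str
    owner: str
    group: str
    mode: int
    label: str


def in_allocate_error_state(af: AncillaryFile) -> bool:
    """Error-state signature from the text: bin:bin, mode 0100, ADMIN_HIGH."""
    return (af.owner == "bin" and af.group == "bin"
            and (af.mode & 0o7777) == 0o100 and af.label == "ADMIN_HIGH")


# Constructed sample inventory (not real system state).
SAMPLE_INVENTORY = [
    AncillaryFile("cdrom_0", "bin", "bin", 0o100, "ADMIN_HIGH"),  # left by a device_clean script
    AncillaryFile("audio", "jdoe", "staff", 0o600, "PUBLIC"),      # currently allocated to a user
    AncillaryFile("floppy_0", "bin", "bin", 0o100, "PUBLIC"),      # not ADMIN_HIGH: not the full signature
]


def devices_in_error_state(inventory: List[AncillaryFile]) -> List[str]:
    """Names of devices a Reclaim/Revoke role would need to reclaim."""
    return [af.device for af in inventory if in_allocate_error_state(af)]


if __name__ == "__main__":
    a = allocate(CDROM_0, "jdoe", {"solaris.device.cdrom.local"}, TRUSTED_PATH, "PUBLIC")
    print(a, may_import(a, "PUBLIC"), may_import(a, "NEED TO KNOW ENGINEERING"))
    print(devices_in_error_state(SAMPLE_INVENTORY))
```

The error-state check deliberately requires all four attributes to match: a device that is bin:bin with mode 0100 but labeled PUBLIC is not reported, so an audit script built on this pattern does not mislabel ordinary deallocated devices as needing reclamation.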