Each allocatable device has an ancillary file, which is a zero-length file in /etc/security/dev. The ancillary file is also referred to as a DAC file because the file must not only exist but its DAC permissions, owner, and group depend on its state.
The following table shows the DAC permissions, owner, and group for each of the possible states:
Table 12-5 Required Ancillary File Characteristics for Devices
Device State |
DAC permissions (mode) |
Owner |
Group |
Label |
---|---|---|---|---|
Allocatable |
0000 |
bin |
bin |
|
Allocated |
0600 |
user |
user's group |
user's process's label |
Error State |
0100 |
bin |
bin |
|