SunSHIELD Basic Security Module Guide

Using the Device-Allocation Utilities

This section describes what the administrator can do with the options to allocate, deallocate, and list_devices that are usable only by root. The commands are detailed on their respective man pages.

allocate -F device_special_filename

Reallocates the specified device. This option is often used with the -U option to reallocate the specified device to the specified user. Without the -U option, the device is allocated to root.

allocate -U username

Causes the device to be allocated to the user specified rather than to the current user. This option allows you to allocate a device for another user while you are root, without having to assume that user's identity.

deallocate -F device_special_filename

Devices that a user has allocated are not automatically deallocated when the process terminates or when the user logs out. When a user forgets to deallocate a tape drive, you can force deallocation using the -F option while you are root.

deallocate -I

Forces deallocation of all allocatable devices. This option should only be used at system initialization.


Run list_devices to get a listing of all the device-special files that are associated with any device listed in the device_maps file.

list_devices -U username

List the devices that are allocatable or allocated to the user ID associated with the specified user name. This allows you to check which devices are allocatable or allocated to another user while you are root.