SunSHIELD Basic Security Module Guide

Setting Up Lock Files

The lock files are zero-length files created in /etc/security/dev -- one for each allocatable device.

If no lock file exists for an allocatable device, the device cannot be allocated, and no one can access the device.

How to Set Up Lock Files for a Device to Be Made Allocatable

  1. Use the dminfo command to get the device name for the device from its entry in the device_maps file.

    See "The device_maps File" and the dminfo(1M) and device_maps(4) man pages. For example, the device name for a device of type st is st0. Use the device name (st0), not the device type (st), as the name of the lock file.

  2. Use the touch command to create an empty lock file for the device, using the device name.


    untouchable# cd /etc/security/dev
    untouchable# touch device-name
    untouchable# chmod 600 device-name
    untouchable# chown bin device-name
    untouchable# chgrp bin device-name
    

How the Allocate Mechanism Works

This section shows an example of how the allocate mechanism works.

The allocate command first checks for the presence of a lock file under the device name for the specified device in the /etc/security/dev directory. If the lock file is owned by bin (the owner given to it when it was set up, which means the device is not currently allocated to anyone), then the ownership of the lock file is changed to the name of the user entering the allocate command.

The allocate command then checks for an entry for the device in the device_allocate file, and checks whether the entry shows the device as allocatable.

The first listing in the screen example below shows that a lock file exists with owner bin, group bin, and mode 600 for the st0 device in /etc/security/dev. The second listing shows that the associated device-special files are set up properly, with owner bin, group bin, and mode 000:


untouchable% ls -lg /etc/security/dev/st0
-rw-------  1 bin      bin            0 Dec  6 15:21 /etc/security/dev/st0
untouchable% ls -lg /devices/sbus@1,f8000000/esp@0,800000
c---------  1 bin      bin       18,  4 May 12 13:11 st@4,0:
c---------  1 bin      bin       18, 20 May 12 13:11 st@4,0:b
c---------  1 bin      bin       18, 28 May 12 13:11 st@4,0:bn
c---------  1 bin      bin       18, 12 May 12 13:11 st@4,0:c
    .
    .
    .
c---------  1 bin      bin       18,  0 May 12 13:11 st@4,0:u
c---------  1 bin      bin       18, 16 May 12 13:11 st@4,0:ub
c---------  1 bin      bin       18, 24 May 12 13:11 st@4,0:ubn
c---------  1 bin      bin       18,  8 May 12 13:11 st@4,0:un

In this screen, user vanessa allocates device st0.


untouchable% whoami
vanessa
untouchable% allocate st0

When the user vanessa enters the allocate command to allocate the tape st0, allocate first checks for the existence of an /etc/security/dev/st0 file. If no lock file existed, or if the lock file were owned by a user other than bin (that is, if the device were already allocated to another user), then the device would not be allocatable by vanessa.

If it finds the lock file for the device with the correct ownership and permissions, the allocate command then checks to make sure the device has an entry in the device_allocate file and that the entry specifies that the device is allocatable.

In this example, the default device_allocate entry for the st0 device specifies that the device is allocatable. Because the allocate command finds that all the above conditions are met, the device is allocated to vanessa.

The allocate command changes the ownership and permissions of the device-special files associated with the device. (The entries under /dev are links to the actual special files under /devices, which is why the listings in this section show the /devices path.) To allocate the st0 device to vanessa, the mode on its associated device-special files is changed to 600 and the owner is changed to vanessa.

The allocate command also changes the ownership of the lock file associated with the device in the /etc/security/dev directory. To allocate the st0 device to vanessa, the owner of /etc/security/dev/st0 is changed to vanessa.

After the user vanessa executes the allocate command using the device name st0, the following screen example shows that the owner of /etc/security/dev/st0 is changed to vanessa, that the owner of the associated device-special files is now vanessa as well, and that vanessa now has permission to read and write those device-special files. Note that only the owner and mode change; the major and minor device numbers are the same as in the listing taken before allocation.


untouchable% whoami
vanessa
untouchable% allocate st0
untouchable% ls -lg /etc/security/dev/st0
-rw-------  1 vanessa  staff          0 Dec  6 15:21 /etc/security/dev/st0
untouchable% ls -la /devices/sbus@1,f8000000/esp@0,800000
    .
    .
    .
crw-------  1 vanessa           18,  4 May 12 13:11 st@4,0:
crw-------  1 vanessa           18, 20 May 12 13:11 st@4,0:b
crw-------  1 vanessa           18, 28 May 12 13:11 st@4,0:bn
crw-------  1 vanessa           18, 12 May 12 13:11 st@4,0:c
    .
    .
    .
crw-------  1 vanessa           18,  0 May 12 13:11 st@4,0:u
crw-------  1 vanessa           18, 16 May 12 13:11 st@4,0:ub
crw-------  1 vanessa           18, 24 May 12 13:11 st@4,0:ubn
crw-------  1 vanessa           18,  8 May 12 13:11 st@4,0:un