Changing Which Devices Can Be Allocated
Device allocation must be enabled for this task to succeed. To enable device
allocation, see Enabling or Disabled Device Allocation. You must assume the root
role.
To change which devices can be allocated, change the fifth field in the device
entry in the device_allocate
file to specify whether
authorization is required, or specify the solaris.device.allocate
authorization.
audio;audio;reserved;reserved;solaris.device.allocate;/etc/security/lib/audio_clean fd0;fd;reserved;reserved;solaris.device.allocate;/etc/security/lib/fd_clean sr0;sr;reserved;reserved;solaris.device.allocate;/etc/security/lib/sr_clean
where solaris.device.allocate
indicates that a user must have
the solaris.device.allocate
authorization to use the
device.
Example 4-2 Permitting Any User to Allocate a Device
In the following example, any user on the system can allocate any
device. The fifth field in every device entry in the
device_allocate
file has been changed to an "at" sign
(@
).
# pfedit /etc/security/device_allocate audio;audio;reserved;reserved;@;/etc/security/lib/audio_clean fd0;fd;reserved;reserved;@;/etc/security/lib/fd_clean sr0;sr;reserved;reserved;@;/etc/security/lib/sr_clean …
Example 4-3 Preventing Some Peripheral Devices From Being Used
In the following example, the audio device cannot be used. The fifth field in
the audio device entry in the device_allocate
file has been
changed to an asterisk (*
).
# pfedit /etc/security/device_allocate audio;audio;reserved;reserved;*;/etc/security/lib/audio_clean fd0;fd;reserved;reserved;solaris device.allocate;/etc/security/lib/fd_clean sr0;sr;reserved;reserved;solaris device.allocate;/etc/security/lib/sr_clean …
Example 4-4 Preventing All Peripheral Devices From Being Used
In the following example, no peripheral device can be used. The fifth field in
every device entry in the device_allocate
file has been
changed to an asterisk (*
).
# pfedit /etc/security/device_allocate audio;audio;reserved;reserved;*;/etc/security/lib/audio_clean fd0;fd;reserved;reserved;*;/etc/security/lib/fd_clean sr0;sr;reserved;reserved;*;/etc/security/lib/sr_clean …