device_allocate File
         
         You can modify the
/etc/security/device_allocate file to change devices
                    from allocatable to nonallocatable, or to add new devices.
               
An entry in the device_allocate file does not mean that the device
is allocatable, unless the entry specifically states that the device is allocatable.
               
In the device_allocate file, each device is represented by a
one-line entry in the following format:
               
device-name;device-type;reserved;reserved;auths;device-exec
The following example shows a sample device_allocate file.
               
st0;st;;;;/etc/security/lib/st_clean fd0;fd;;;;/etc/security/lib/fd_clean sr0;sr;;;;/etc/security/lib/sr_clean audio;audio;;;*;/etc/security/lib/audio_clean
Note the asterisk (*) in the fifth field of the audio device entry.
               
Lines in the device_allocate file can end with a backslash
(\) to continue an entry on the next line. Comments can also be included. A pound
sign (#) comments all subsequent text until the next newline that is not
immediately preceded by a backslash. Leading and trailing blanks are allowed in any field. The
fields are defined as follows:
               
- device-name
- 
                     
                     Specifies the name of the device. For a list of current device names, see Viewing Allocation Information About a Device. 
- device-type
- 
                     
                     Specifies the generic device type. The generic name is the name for the class of devices, such as st,fd, andsr. The device-type field logically groups related devices. When you make a device allocatable, retrieve the device name from the device-type field in thedevice_mapsfile.
- 
                        
                     reserved
- 
                     
                     Oracle reserves the two fields that are marked reservedfor future use.
- auths
- 
                     
                     Specifies whether the device is allocatable. An asterisk ( *) in this field indicates that the device is not allocatable. An authorization string, or an empty field, indicates that the device is allocatable. For example, the stringsolaris.device.allocatein the auths field indicates that thesolaris.device.allocateauthorization is required to allocate the device. An at sign (@) in this file indicates that the device is allocatable by any user.
- device-exec
- 
                     
                     Supplies the path name of a script to be invoked for special handling, such as cleanup and object reuse protection during the allocation process. The device-exec script is run any time that the device is acted on by the deallocatecommand.
For example, the following entry for the sr0 device indicates that the
CD-ROM drive is allocatable by a user with the solaris.device.allocate
authorization:
               
sr0;sr;reserved;reserved;solaris.device.allocate;/etc/security/lib/sr_clean
You can decide to accept the default devices and their defined
                    characteristics. After you install a new device, you can modify the entries. Any
                    device that needs to be allocated before use must be defined in the
device_allocate and device_maps
                    files for that device's system. Currently, cartridge tape drives, CD-ROM drives,
                    removable media devices, and audio chips are considered allocatable. These
                    device types have device-clean scripts.
               
Note:
Xylogics and Archive tape drives also use the st_clean script that is
supplied for SCSI devices. You need to create your own device-clean scripts for other devices, such
as terminals, graphics tablets, and other allocatable devices. The script must fulfill object reuse
requirements for that type of device.