device_allocate
File
You can modify the
/etc/security/device_allocate
file to change devices
from allocatable to nonallocatable, or to add new devices.
An entry in the device_allocate
file does not mean that the device
is allocatable, unless the entry specifically states that the device is allocatable.
In the device_allocate
file, each device is represented by a
one-line entry in the following format:
device-name;device-type;reserved;reserved;auths;device-exec
The following example shows a sample device_allocate
file.
st0;st;;;;/etc/security/lib/st_clean fd0;fd;;;;/etc/security/lib/fd_clean sr0;sr;;;;/etc/security/lib/sr_clean audio;audio;;;*;/etc/security/lib/audio_clean
Note the asterisk (*) in the fifth field of the audio
device entry.
Lines in the device_allocate
file can end with a backslash
(\
) to continue an entry on the next line. Comments can also be included. A pound
sign (#
) comments all subsequent text until the next newline that is not
immediately preceded by a backslash. Leading and trailing blanks are allowed in any field. The
fields are defined as follows:
- device-name
-
Specifies the name of the device. For a list of current device names, see Viewing Allocation Information About a Device.
- device-type
-
Specifies the generic device type. The generic name is the name for the class of devices, such as
st
,fd
, andsr
. The device-type field logically groups related devices. When you make a device allocatable, retrieve the device name from the device-type field in thedevice_maps
file. -
reserved
-
Oracle reserves the two fields that are marked
reserved
for future use. - auths
-
Specifies whether the device is allocatable. An asterisk (
*
) in this field indicates that the device is not allocatable. An authorization string, or an empty field, indicates that the device is allocatable. For example, the stringsolaris.device.allocate
in the auths field indicates that thesolaris.device.allocate
authorization is required to allocate the device. An at sign (@
) in this file indicates that the device is allocatable by any user. - device-exec
-
Supplies the path name of a script to be invoked for special handling, such as cleanup and object reuse protection during the allocation process. The device-exec script is run any time that the device is acted on by the
deallocate
command.
For example, the following entry for the sr0
device indicates that the
CD-ROM drive is allocatable by a user with the solaris.device.allocate
authorization:
sr0;sr;reserved;reserved;solaris.device.allocate;/etc/security/lib/sr_clean
You can decide to accept the default devices and their defined
characteristics. After you install a new device, you can modify the entries. Any
device that needs to be allocated before use must be defined in the
device_allocate
and device_maps
files for that device's system. Currently, cartridge tape drives, CD-ROM drives,
removable media devices, and audio chips are considered allocatable. These
device types have device-clean scripts.
Note:
Xylogics and Archive tape drives also use the st_clean
script that is
supplied for SCSI devices. You need to create your own device-clean scripts for other devices, such
as terminals, graphics tablets, and other allocatable devices. The script must fulfill object reuse
requirements for that type of device.