The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

device_allocate (4)
  • >> device_allocate (4) ( Solaris man: Специальные файлы /dev/* )
  •  

    NAME

    device_allocate - device_allocate file
     
    

    SYNOPSIS

    /etc/security/device_allocate
    

     

    DESCRIPTION

    The device_allocate file is an ASCII file that resides in the /etc/security directory. It contains mandatory access control information about each physical device. Each device is represented by a one- line entry of the form:

    device-name;device-type;reserved1;reserved2;auths;device-exec

    where:

    device-name

    Represents an arbitrary ASCII string naming the physical device. This field contains no embedded white space or non-printable characters.

    device-type

    Represents an arbitrary ASCII string naming the generic device type. This field identifies and groups together devices of like type. This field contains no embedded white space or non-printable characters. The following types of devices are currently managed by the system: audio, sr (represents CDROM drives), fd (represents floppy drives), st (represents tape drives), rmdisk (removable media devices).

    reserved1

    On systems configured with Trusted Extensions, this field stores a colon-separated (:) list of key-value pairs that describe device allocation attributes used in Trusted Extensions. Zero or more keys can be specified. The following keys are currently interpreted by Trusted Extensions systems:

    minlabel

    Specifies the minimum label at which device can be allocated. Default value is admin_low.

    maxlabel

    Specifies the maximum label at which device can be allocated. Default value is admin_high.

    zone

    Specifies the name of the zone in which device is currently allocated.

    class

    Specifies a logical grouping of devices. For example, all Sun Ray devices of all device types. There is no default class.

    xdpy

    Specifies the X display name. This is used to identify devices associated with that X session. There is no default xdpy value.

    reserved2

    Represents a field reserved for future use.

    auths

    Represents a field that contains a comma-separated list of authorizations required to allocate the device, an asterisk (*) to indicate that the device is not allocatable, or an '@' symbol to indicate that no explicit authorization is needed to allocate the device. The default authorization is solaris.device.allocate. See auths(1).

    device-exec

    The physical device's data clean program to be run any time the device is acted on by allocate(1). This ensures that unmanaged data does not remain in the physical device between uses. This field contains the filename of a program in /etc/security/lib or the full pathname of a cleanup script provided by the system administrator.

     

    Notes on device_allocate

    The device_allocate file is an ASCII file that resides in the /etc/security directory.

    Lines in device_allocate can end with a `\' to continue an entry on the next line.

    Comments can also be included. A `#' makes a comment of all further text until the next NEWLINE not immediately preceded by a `\'.

    White space is allowed in any field.

    The device_allocate file must be created by the system administrator before device allocation is enabled.

    The device_allocate file is owned by root, with a group of sys, and a mode of 0644.  

    EXAMPLES

    Example 1 Declaring an Allocatable Device

    Declare that physical device st0 is a type st. st is allocatable, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/st_clean.

    # scsi tape
    st0;\
        st;\
        reserved;\
        reserved;\
        solaris.device.allocate;\
        /etc/security/lib/st_clean
    

    Example 2 Declaring an Allocatable Device with Authorizations

    Declare that physical device fd0 is of type fd. fd is allocatable by users with the solaris.device.allocate authorization, and the script used to clean the device after running deallocate(1) is named /etc/security/lib/fd_clean.

    # floppy drive
    fd0;\
        fd;\
        reserved;\
        reserved;\
        solaris.device.allocate;\
        /etc/security/lib/fd_clean
    

    Making a device allocatable means that you need to allocate and deallocate it to use it (with allocate(1) and deallocate(1)). If a device is not allocatable, there is an asterisk (*) in the auths field, and no one can use the device.  

    FILES

    /etc/security/device_allocate

    Contains list of allocatable devices

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    Interface StabilityUncommitted

     

    SEE ALSO

    auths(1), allocate(1), bsmconv(1M), deallocate(1), list_devices(1), auth_attr(4), attributes(5)  

    NOTES

    The functionality described in this man page is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.

    On systems configured with Trusted Extensions, the functionality is enabled by default. On such systems, the device_allocate file is updated automatically by the system.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    Notes on device_allocate
    EXAMPLES
    FILES
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру