|
|
Adaptive Security Architecture Principles
|
|
allocate(1) allocate(1) NAME
allocate - device allocation SYNOPSIS
allocate [-s] [-U uname] device allocate [-s] [-U uname] -g dev-type allocate [-s] [-U uname] -F device The allocate utility manages the ownership of devices through its allocation mechanism. It ensures that each device is used by only one qualified user at a time. The device argument specifies the device to be manipulated. To preserve the integrity of the device's owner, the allocate operation is exe- cuted on all the device special files associated with that device. The argument dev-type is the device type to be operated on and can only be used with the -g option. The default allocate operation allocates the device special files associated with device to the uid of the current process. If the -F option is specified, the device cleaning program is executed when allocation is performed. This cleaning program is found in /etc/security/lib. The name of this program is found in the device_allocate(4) entry for the device in the dev-exec field. Only authorized users may allocate a device. The required authorizations are specified in device_allocate(4). The following options are supported: -g dev-type Allocates a non-allocated device with a device-type matching dev-type. -s Silent. Suppresses any diagnostic output. -F device Reallocates the device allocated to another user. This option is often used with -U to reallocate a specific device to a specific user. Only a user with the solaris.device.revoke authorization is permitted to use this option. -U uname Uses the user ID uname instead of the user ID of the current process when performing the allocate operation. Only a user with the solaris.device.revoke authorization is permitted to use this option. The following exit values are returned: non--zero An error occurred. /etc/security/device_allocate /etc/security/device_maps /etc/security/dev/* /etc/security/lib/* See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ deallocate(1), list_devices(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M), mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5) The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. /etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be supported in a future release of the Solaris Operating Environment. 28 Mar 2005 allocate(1)
