Contains security attributes for privileged devices.
The /etc/security/privdevs file is an ASCII stanza file that contains privileged devices and their security attributes. Each stanza in the /etc/security/privdevs file is identified by the full path name to the device, followed by a colon (:). Each stanza contains attributes in the Attribute=Value form. The path name must be the absolute path to the device and cannot contain symbolic link directories or be a symbolic link to the device. Each Attribute=Value pair is ended by a newline character, and each stanza is ended by an additional newline character. For an example of a stanza, see Examples.
Changes made to the privdevs file do not impact security considerations until the entire privileged device database is sent to the Kernel Security Tables through the setkst command or until the system is rebooted.
Modifying and Listing Entries in the privdevs File
A stanza in this file contains one or more of the following security attributes:
| Attribute | Description |
|---|---|
| readprivs | Specifies the privileges required to read from the device as a comma-separated list of privilege names. You can define a maximum of eight privileges. A process with any of the specified read privileges can read from the device. |
| writeprivs | Specifies the privileges required to write to the device as a comma-separated list of privilege names. You can define a maximum of eight privileges. A process with any of the specified write privileges can write to the device. |
The root user and the security group own this file. Read and write access is granted to the root user. Access for other users and groups depends on the security policy for the system.
Examples

```
/dev/mydev:
readprivs = PV_DAC_R,PV_AU_READ
writeprivs = PV_DAC_W,PV_AU_WRITE
```

This entry indicates that the process must have either the PV_DAC_R privilege or the PV_AU_READ privilege to read from the device. The process also must have either the PV_DAC_W privilege or the PV_AU_WRITE privilege to write to the device.
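The following Python script is an added example, not part of the AIX documentation or of any AIX tool. It parses stanza text in the format described above (absolute path followed by a colon, Attribute=Value lines, a blank line ending the stanza), enforces the rules the description states (absolute normalized path, only readprivs/writeprivs, at most eight privilege names), and evaluates the "any one of the listed privileges suffices" rule illustrated by the /dev/mydev entry. The sample stanzas are constructed. Two behaviours are assumptions of this example rather than statements of the page: a privilege name is taken to be an identifier-like token, and a device or attribute missing from the file is treated as deny. The symbolic-link restriction cannot be checked without the live filesystem, so it is not checked here.

```python
"""Parse and evaluate /etc/security/privdevs-style stanzas.

Added example; it is not AIX code and does not consult the kernel security tables.
"""
import os
import re

MAX_PRIVS = 8                                   # at most eight privilege names per attribute
VALID_ATTRS = {"readprivs", "writeprivs"}       # the two attributes the file documents
PRIV_NAME = re.compile(r"[A-Za-z0-9_]+")        # assumption: privilege names are identifier-like

# Constructed sample text in the privdevs format (not taken from a real system).
SAMPLE = """/dev/mydev:
readprivs = PV_DAC_R,PV_AU_READ
writeprivs = PV_DAC_W,PV_AU_WRITE

/dev/other:
writeprivs = PV_DAC_W

"""


def parse_privdevs(text):
    """Return {device_path: {attribute: [privilege, ...]}}.

    A stanza starts with an absolute path followed by ':' and ends at the extra
    newline; every other non-blank line must be an Attribute=Value pair.
    Raises ValueError on anything the file format does not allow.
    """
    devices = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            current = None                      # the additional newline closes the stanza
            continue
        if line.endswith(":"):
            path = line[:-1]
            # Must be an absolute path with no '..', '.', or duplicate separators.
            if not path.startswith("/") or os.path.normpath(path) != path:
                raise ValueError(f"line {lineno}: stanza name must be an absolute path: {path!r}")
            current = devices.setdefault(path, {})
            continue
        if current is None:
            raise ValueError(f"line {lineno}: attribute line outside any stanza")
        attr, sep, value = line.partition("=")
        attr = attr.strip()
        if not sep or attr not in VALID_ATTRS:
            raise ValueError(f"line {lineno}: expected readprivs=... or writeprivs=...: {line!r}")
        privs = [p.strip() for p in value.split(",") if p.strip()]
        if not privs or len(privs) > MAX_PRIVS:
            raise ValueError(f"line {lineno}: {attr} needs between 1 and {MAX_PRIVS} privilege names")
        bad = [p for p in privs if not PRIV_NAME.fullmatch(p)]
        if bad:
            raise ValueError(f"line {lineno}: malformed privilege name(s): {bad}")
        current[attr] = privs
    return devices


def may_access(devices, path, mode, held):
    """Apply the rule from the Examples text: a process holding ANY one of the
    privileges listed for the device may perform that access.

    mode is 'read' or 'write'; held is the set of privilege names the process has.
    Assumption of this example: a device or attribute absent from the table is denied.
    """
    attr = {"read": "readprivs", "write": "writeprivs"}[mode]
    required = devices.get(path, {}).get(attr, [])
    return any(p in held for p in required)


if __name__ == "__main__":
    table = parse_privdevs(SAMPLE)
    for dev, attrs in table.items():
        print(dev, attrs)
    print("read /dev/mydev with PV_AU_READ:", may_access(table, "/dev/mydev", "read", {"PV_AU_READ"}))
    print("write /dev/mydev with PV_DAC_R:", may_access(table, "/dev/mydev", "write", {"PV_DAC_R"}))
```

Running the script prints the parsed table and the two access decisions; feeding it a stanza with nine privilege names, a relative path, or a stanza name containing `..` raises ValueError, which is the kind of check worth running before the file is loaded into the kernel security tables with setkst.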