Solaris System Device Access Permissions

Solaris is shipped with appropriate permissions assigned to device files such as disk drives, tape drives, and memory. These permissions are discussed here.

A word should be said for Sun’s method of indirect references to commonly used devices. For instance, typical disk devices are referenced by SCSI controller and device number, such as

/dev/dsk/c0t3d0s0

This example signifies a disk device, controller 0, SCSI target 3, disk 0, slice 0. But examination of this file shows that it is not a device file, but instead a logical link to the file named

../../devices/iommu@f,e0000000/sbus@f,e0001000/espdma@f,400000/esp@f,800000/sd@3,0:a

Permissions of this file (in ls -l format) are brw-r----- 1 root sys.

Warning

Under no circumstance should the permissions of a disk device be changed. A change could result in an entire filesystem being readable or writable by everyone.


Tape drive device permissions are looser, as tape drives are by default considered to be accessible by all users. Permissions of tape drives (in ls -l format) are crw-rw-rw- 1 root sys. For a production environment, tape device permissions should be tightened so that only the userid actually performing backups will have read and write permissions to relevant tape drive devices.

Solaris memory devices are /dev/mem and /dev/kmem. These devices are logical links to ../../devices/pseudo/mm@0:mem and ../../devices/pseudo/mm@0:kmem, respectively. Permissions for these devices (in ls -l format) are crw-r----- root sys.

Warning

Under no circumstance should the permissions of a memory device be changed. A change could result in process table and device buffer information being readable or writable by everyone.
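
Because the /dev entries are links, a plain ls -l on them reports the link, not the device node. The script below is an added example, not part of the original article: it follows each link with ls -L and compares the resolved node's permissions with the modes quoted above. The function names and the tape path /dev/rmt/0 are assumptions.

```shell
#!/bin/sh
# Added example: audit device permissions through the /dev links.
# Expected modes are the ones quoted in the article.

# Print "perms owner group" for the node a path resolves to.
# ls -L follows the /dev link, so the /devices node is reported, not the link.
dev_perms() {
    ls -lLd -- "$1" 2>/dev/null | awk '{ print substr($1, 2, 9), $3, $4 }'
}

# check_exact PATH PERMS: 0 if the node has exactly PERMS, 1 if not, 2 if missing.
check_exact() {
    info=$(dev_perms "$1")
    [ -n "$info" ] || { echo "MISSING  $1"; return 2; }
    if [ "${info%% *}" = "$2" ]; then echo "OK       $1 $info"; return 0; fi
    echo "CHANGED  $1 $info (expected $2)"; return 1
}

# check_not_world PATH: 1 if "other" has any access (the shipped tape default).
check_not_world() {
    info=$(dev_perms "$1")
    [ -n "$info" ] || { echo "MISSING  $1"; return 2; }
    case ${info%% *} in
        ??????---) echo "OK       $1 $info"; return 0 ;;
        *)         echo "LOOSE    $1 $info (world-accessible)"; return 1 ;;
    esac
}

# audit_devices [ROOT]: run all checks; ROOT defaults to "" (the live system).
audit_devices() {
    root=${1:-}; rc=0
    for d in dev/dsk/c0t3d0s0 dev/mem dev/kmem; do
        check_exact "$root/$d" rw-r----- || rc=1
    done
    check_not_world "$root/dev/rmt/0" || rc=1   # tape path is an assumption
    return $rc
}
```

Calling audit_devices with no argument checks the live /dev tree; the owner and group are printed so that they can be compared with root sys by eye.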
