Controlling access to devices
RBAC provides a mechanism to further control access to devices. A system administrator can specify the privileges that are required to open a device in read mode or write mode.
For example, write access to a DVD writer can be controlled with the PV_DEV_CONFIG privilege so that only processes that have this privilege can create DVDs.
- To add a device to the device database, run the following command:
setsecattr -d readprivs=privileges writeprivs=privileges device_name
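
The DVD writer case above as a full sequence: set the privileges, load the device table into the kernel, and read the entry back. This is an added example, not from the original page. The function name restrict_device, the RUN dry-run variable, the sample device /dev/cd0 and the privilege-name pattern are assumptions. setkst and lssecattr are AIX RBAC commands that the page does not mention.

```shell
#!/bin/sh
# Added example: gate a device behind RBAC privileges on AIX.
# Set RUN=echo to print the commands instead of running them (dry run).

restrict_device() {
    dev=$1
    rprivs=$2
    wprivs=$3

    # Sanity checks (assumed conventions): a /dev path and comma-separated
    # privilege names of the form PV_..., such as PV_DEV_CONFIG.
    case $dev in
        /dev/?*) ;;
        *) echo "restrict_device: not a /dev path: $dev" >&2; return 2 ;;
    esac
    for list in "$rprivs" "$wprivs"; do
        if ! printf '%s\n' "$list" | grep -Eq '^PV_[A-Z0-9_]+(,PV_[A-Z0-9_]+)*$'; then
            echo "restrict_device: bad privilege list: $list" >&2
            return 2
        fi
    done

    # 1. Record the required privileges in the device database.
    ${RUN:-} setsecattr -d "readprivs=$rprivs" "writeprivs=$wprivs" "$dev" || return 1
    # 2. Load the updated device table into the kernel security tables;
    #    the database change is not enforced until this is done.
    ${RUN:-} setkst -t dev || return 1
    # 3. Read the entry back to confirm what will be enforced.
    ${RUN:-} lssecattr -d -F "$dev"
}

# Usage on an AIX host, as a user authorized to change security attributes:
#   restrict_device /dev/cd0 PV_DEV_CONFIG PV_DEV_CONFIG
```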