How to Restrict User Access to Removable Media with RBAC

Steps

1. Become superuser or assume an equivalent role.

2. Start the Solaris Management Console.

   $ /usr/sadm/bin/smc &

   For more information on starting the console, see Starting the Solaris Management Console in System Administration Guide: Basic Administration.

3. Set up a role that includes the Device Management rights.

   For more information, see Chapter 6, Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

4. Add users who need to use the cdrw command to the newly created role.

5. Comment the following line in the /etc/security/policy.conf file.

   AUTHS_GRANTED=solaris.device.cdrw

   If you do not do this step, all users still have access to the cdrw command, not just the members of the device management role.

   After this file is modified, the device management role members are the only users who can use the cdrw command. Everyone else is denied access with the following message:

   Authorization failed, Cannot access disks.