System Administration Guide: Basic Administration

How to Restrict User Access to Removable Media with RBAC

  1. Become superuser or assume an equivalent role.

  2. Start the Solaris Management Console.


    $ /usr/sadm/bin/smc & 
    

    For more information on starting the console, see How to Start the Solaris Management Console in a Name Service Environment.

  3. Set up a role that includes the Device Management rights.

    For more information, see “How to Create a Role by Using the Administrative Roles Tool” in System Administration Guide: Security Services.

  4. Add users who need to use the cdrw command to the newly created role.

  5. Comment out the following line in the /etc/security/policy.conf file.


    AUTHS_GRANTED=solaris.device.cdrw

    If you skip this step, all users, not just the members of the device management role, still have access to the cdrw command.

    After this file is modified, the device management role members are the only users who can use the cdrw command. Everyone else is denied access with the following message:


    Authorization failed, Cannot access disks.
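
    One way to confirm that step 5 took effect is to check the file for any active AUTHS_GRANTED line that still covers solaris.device.cdrw. The script below is an added example, not part of the original guide. The function name, the sample files, and the handling of the trailing-* wildcard form of authorization names (as described in auth_attr(4)) are assumptions of the example.

```shell
#!/bin/sh
# Added example: check a policy.conf-style file for a system-wide cdrw grant.
# Assumption: comments are lines whose first non-blank character is '#'.
# On Solaris, run with AWK=nawk (the legacy /usr/bin/awk lacks sub/gsub).

# Exit 0 if an active AUTHS_GRANTED line in file $1 grants
# solaris.device.cdrw, by name or through a trailing-* wildcard;
# exit 1 if no such grant is present.
cdrw_granted_to_all() {
    "${AWK:-awk}" -v target=solaris.device.cdrw '
        /^[ \t]*#/ { next }                      # commented-out line
        /^[ \t]*AUTHS_GRANTED[ \t]*=/ {
            sub(/^[^=]*=/, "")                   # keep only the value
            n = split($0, auths, ",")
            for (i = 1; i <= n; i++) {
                a = auths[i]
                gsub(/^[ \t]+|[ \t]+$/, "", a)   # trim blanks
                if (a == target) found = 1
                # "solaris.device.*" or "solaris.*" also cover the target
                p = substr(a, 1, length(a) - 1)
                if (a ~ /\*$/ && index(target, p) == 1) found = 1
            }
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# Constructed sample files (not copies of a real policy.conf).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'AUTHS_GRANTED=solaris.device.cdrw\n' > "$dir/before"
    printf '#AUTHS_GRANTED=solaris.device.cdrw\n' > "$dir/after"
    printf 'AUTHS_GRANTED=solaris.jobs.user, solaris.device.*\n' > "$dir/wildcard"
    for f in before after wildcard; do
        if cdrw_granted_to_all "$dir/$f"; then
            echo "$f: cdrw authorization granted to all users"
        else
            echo "$f: no system-wide cdrw grant in AUTHS_GRANTED"
        fi
    done
    rm -rf "$dir"
}
demo
```

    On a live system, call cdrw_granted_to_all /etc/security/policy.conf after editing the file; a zero exit status means the authorization is still granted to every user.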