How to Remove Power Management Capability From Users

Language:

Use this procedure to prevent users on the console of a system from suspending the system or powering it down. This software solution is not effective if the system hardware can be unplugged by the console user.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Review the contents of the Console User rights profile.

% profiles -p "Console User" info
	name=Console User
	desc=Manage System as the Console User
	auths=solaris.system.shutdown,solaris.device.cdrw,
              solaris.smf.manage.vbiosd,solaris.smf.value.vbiosd
	profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management,
                 Network Autoconf User
	help=RtConsUser.html

Create a rights profile that includes any rights in the Console User profile that you want users to retain.
For instructions, see How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.2 .
Comment out the Console User rights profile in the /etc/security/policy.conf file.
```
#CONSOLE_USER=Console User
```
Assign the rights profile that you created in Step 2.
- If you have many users that share a rights profile, setting this value in a rights profile can be a scalable solution.
```
# usermod -P shared-profile username
```
- You can also assign the profile per system in the policy.conf file.
```
# pfedit /etc/security/policy.conf...
#PROFS_GRANTED=Basic Solaris User
PROFS_GRANTED=shared-profile,Basic Solaris User
```

See also

For more information, see policy.conf File in Securing Users and Processes in Oracle Solaris 11.2 and the policy.conf(4) and usermod(1M) man pages.