Oracle® Solaris 11 Security Guidelines

Exit Print View

Updated: August 2014

How to Remove Power Management Capability From Users

Use this procedure to prevent users on the console of a system from suspending the system or powering it down. This software solution is not effective if the system hardware can be unplugged by the console user.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  1. Review the contents of the Console User rights profile.
    % profiles -p "Console User" info
    	name=Console User
    	desc=Manage System as the Console User
    	profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management,
                     Network Autoconf User
  2. Create a rights profile that includes any rights in the Console User profile that you want users to retain.

    For instructions, see How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.2 .

  3. Comment out the Console User rights profile in the /etc/security/policy.conf file.
    #CONSOLE_USER=Console User
  4. Assign the rights profile that you created in Step 2.
    • If you have many users that share a rights profile, setting this value in a rights profile can be a scalable solution.

      # usermod -P shared-profile username
    • You can also assign the profile per system in the policy.conf file.

      # pfedit /etc/security/policy.conf...
      #PROFS_GRANTED=Basic Solaris User
      PROFS_GRANTED=shared-profile,Basic Solaris User

See also

For more information, see policy.conf File in Securing Users and Processes in Oracle Solaris 11.2 and the policy.conf(4) and usermod(1M) man pages.