Restricting User Access to Removable Media with RBAC
By default, all users can access removable media in the Solaris 9 release. However, you can restrict user access to removable media by setting up a role through role-based access control (RBAC). Access to removable media is then restricted by assigning the role to a limited set of users.
For a discussion of using roles, see "Roles" in System Administration Guide: Security Services.
How to Restrict User Access to Removable Media with RBAC
Become superuser or assume an equivalent role.
Start the Solaris Management Console.
$ /usr/sadm/bin/smc &
For more information on starting the console, see "How to Start the Solaris Management Console in a Name Service Environment".
Set up a role that includes the Device Management rights.
For more information, see "How to Create a Role Using the Administrative Roles Tool" in System Administration Guide: Security Services.
Add users who need to use the cdrw command to the newly created role.
Comment out the following line in the /etc/security/policy.conf file.
AUTHS_GRANTED=solaris.device.cdrw
If you do not do this step, all users still have access to the cdrw command, not just the members of the device management role.
After this file is modified, the device management role members are the only users who can use the cdrw command. Everyone else is denied access with the following message:
Authorization failed, Cannot access disks.
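The step above is the one that actually withdraws cdrw from ordinary users, so it is worth checking after the edit (and after any later package update that might restore the file). The script below is an added example, not part of the Solaris guide: it reports whether an uncommented AUTHS_GRANTED line in policy.conf still lists solaris.device.cdrw. The function names and the three sample files are constructed here so the script runs without a Solaris system; on a real host, call cdrw_default_granted with no argument to read /etc/security/policy.conf. Note that this only checks the global default: members of the Device Management role still receive the authorization through the role's rights profile, which is the intended outcome.

```shell
#!/bin/sh
# Added example (not from the Solaris guide): audit whether
# /etc/security/policy.conf still grants solaris.device.cdrw to every user.
# The function and file names are ours; the sample files are constructed so
# the script runs without a Solaris system.

# cdrw_default_granted [FILE]: exit 0 if an uncommented AUTHS_GRANTED line in
# FILE (default /etc/security/policy.conf) lists solaris.device.cdrw, 1 if the
# authorization is commented out or absent, 2 if FILE is unreadable.
cdrw_default_granted() {
    conf="${1:-/etc/security/policy.conf}"
    [ -r "$conf" ] || return 2
    # Keep uncommented AUTHS_GRANTED lines, drop the key and any trailing
    # comment, split the comma-separated value list, and look for an exact match.
    grep '^[[:space:]]*AUTHS_GRANTED=' "$conf" \
        | sed -e 's/^[[:space:]]*AUTHS_GRANTED=//' -e 's/[[:space:]]*#.*$//' \
        | tr ',' '\n' \
        | grep -qx 'solaris.device.cdrw'
}

# Constructed samples: the guide's default line, the line commented out as the
# procedure directs, and a multi-value line where the authorization is not first.
tmpdir="${TMPDIR:-/tmp}/cdrw_policy_check.$$"
mkdir -p "$tmpdir"
trap 'rm -rf "$tmpdir"' EXIT
printf 'AUTHS_GRANTED=solaris.device.cdrw\nPROFS_GRANTED=Basic Solaris User\n' \
    > "$tmpdir/default.conf"
printf '#AUTHS_GRANTED=solaris.device.cdrw\nPROFS_GRANTED=Basic Solaris User\n' \
    > "$tmpdir/restricted.conf"
printf 'AUTHS_GRANTED=solaris.profmgr.read,solaris.device.cdrw\n' \
    > "$tmpdir/multi.conf"

# report FILE: print a one-line verdict for FILE.
report() {
    rc=0
    cdrw_default_granted "$1" || rc=$?
    case $rc in
        0) echo "$1: solaris.device.cdrw is granted to all users; cdrw is not restricted" ;;
        1) echo "$1: solaris.device.cdrw is not a default authorization; only role members can use cdrw" ;;
        *) echo "$1: cannot read file" ;;
    esac
}

for f in default.conf restricted.conf multi.conf; do
    report "$tmpdir/$f"
done
```

The exact-match grep (-x) matters: a substring test would also accept an unrelated authorization that merely starts with solaris.device.cdrw, and the comma split is needed because AUTHS_GRANTED can carry several authorizations on one line.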
How to Identify a CD Writer
Use the cdrw -l command to identify the CD writers on the system.
% cdrw -l
Looking for CD devices...
    Node               |  Connected Device              |  Device type
-----------------------+--------------------------------+-----------------
 cdrom0                | YAMAHA  CRW8424S        1.0d   | CD Reader/Writer
If you want to use a specific CD writer, use the -d option. For example:
% cdrw -a filename.wav -d cdrom2
Use the cdrw -M command to identify whether the media is blank or already has a table of contents.
% cdrw -M
Device : YAMAHA CRW8424S
Firmware : Rev. 1.0d (06/10/99)
Media is blank
%
How to Check the CD Media
The cdrw command works with or without vold running. However, you must have superuser or role access to stop and start the vold daemon.
Insert a CD into the CD-RW device.
The CD can be any CD that the device can read.
Check that the CD-RW drive is connected properly by listing the device.
$ cdrw -l
Looking for CD devices...
    Node               |  Connected Device              |  Device type
-----------------------+--------------------------------+-----------------
 cdrom1                | YAMAHA  CRW8424S        1.0d   | CD Reader/Writer
(Optional) If you do not see the drive in the list, you might have to do a reconfiguration boot so that the system recognizes the device.
# touch /reconfigure
# init 6
Or, use the following commands to add the CD-RW device without rebooting the system.
# drvconfig
# disks
Then restart vold.
# /etc/init.d/vold stop
# /etc/init.d/vold start
Creating a Data CD
Prepare the data first by using the mkisofs command to convert the file and file information into the High Sierra format used on CDs.
How to Create an ISO 9660 File System for a Data CD
Insert a blank CD into the CD-RW device.
Create the ISO 9660 file system on the new CD.
% mkisofs -r /pathname > cd-file-system
-r
Creates Rock Ridge information and resets file ownerships to zero.
/pathname
Identifies the pathname used to create the ISO 9660 file system.
> cd-file-system
Identifies the name of the file system to be put on the CD.
Copy the CD file system onto the CD.
% cdrw -i cd-file-system
-i cd-file-system
Specifies the image file for creating a data CD.
Example--Creating an ISO 9660 File System for a Data CD
The following example shows how to create an ISO 9660 file system for a data CD.
% mkisofs -r /home/dubs/ufs_dir > ufs_cd
Total extents actually written = 56
Total translation table size: 0
Total rockridge attributes bytes: 329
Total directory bytes: 0
Path table size(bytes): 10
Max brk space used 8000
56 extents written (0 Mb)
Then copy the CD file system onto the CD. For example:
% cdrw -i ufs_cd
Initializing device...done.
Writing track 1...done.
Finalizing (Can take several minutes)...done.
How to Create a Multi-Session Data CD
This procedure describes how to put more than one session on the CD. This procedure includes an example of copying the infoA and infoB directories onto the CD.
Create the file system for the first CD session.
% mkisofs -o infoA -r -V my_infoA /data/infoA
Total translation table size: 0
Total rockridge attributes bytes: 24507
Total directory bytes: 34816
Path table size(bytes): 98
Max brk space used 2e000
8929 extents written (17 Mb)
-o infoA
Identifies the name of the ISO file system.
-r
Creates Rock Ridge information and resets file ownerships to zero.
-V my_infoA
Identifies a volume label to be used as the mount point by vold.
/data/infoA
Identifies the directory whose contents are placed in the ISO image.
Copy the ISO file system for the first session onto the CD.
$ cdrw -iO infoA
Initializing device...done.
Writing track 1...done.
done.
Finalizing (Can take several minutes)...done.
-i infoA
Identifies the name of the image file to write to the CD.
-O
Keeps the CD open for writing.
Re-insert the CD after it is ejected.
Identify the pathname of the CD media to include in the next write session.
% eject -n
.
.
.
cdrom0 -> /vol/dev/rdsk/c2t4d0/my_infoA
Note the /vol/dev/... pathname.
Identify the next writeable address on the CD to write the next session.
cdrw -M /cdrom
Device : YAMAHA CRW8424S
Firmware : Rev. 1.0d (06/10/99)
Track No. |Type    |Start address
----------+--------+-------------
1         |Audio   |0
2         |Audio   |33057
3         |Data    |60887
4         |Data    |68087
5         |Data    |75287
Leadout   |Data    |84218
Last session start address: 75287
Next writable address: 91118
Note the address in the Next writable address: line so that you can supply it when you write the next session.
Create the next ISO file system for the next CD session and write it onto the CD.
mkisofs -o infoB -r -C 0,91118 -M /vol/dev/rdsk/c2t4d0/my_infoA /data/infoB
Total translation table size: 0
Total rockridge attributes bytes: 16602
Total directory bytes: 22528
Path table size(bytes): 86
Max brk space used 20000
97196 extents written (189 Mb)
-o infoB
Identifies the name of the ISO file system.
-r
Creates Rock Ridge information and resets file ownerships to zero.
-C 0,91118
Identifies the starting address of the first session and the next writable address.
-M /vol/dev/rdsk/c2t4d0/my_infoA
Specifies the path of the existing ISO image to be merged.
/data/infoB
Identifies the directory whose contents are placed in the ISO image.
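The step that asks you to read the Next writable address: value out of the cdrw -M table is the one most easily done wrong when scripting a multi-session write. The following is an added example, not part of the Solaris guide: it parses saved cdrw -M output, returns the two session addresses as separate values, and handles blank media, where neither line is present. The function names are ours, and the sample text is constructed to match the layout shown above rather than captured from a real drive; the extracted number is what you would place in the -C option as the procedure describes.

```shell
#!/bin/sh
# Added example (not from the Solaris guide): pull the session addresses out of
# saved `cdrw -M` output so the next mkisofs run does not rely on reading the
# table by eye. Both samples below are constructed to match the guide's layout;
# they were not captured from a real drive.
cdrw_m_sample='Device : YAMAHA CRW8424S
Firmware : Rev. 1.0d (06/10/99)
Track No. |Type    |Start address
----------+--------+-------------
1         |Audio   |0
2         |Audio   |33057
3         |Data    |60887
4         |Data    |68087
5         |Data    |75287
Leadout   |Data    |84218
Last session start address: 75287
Next writable address: 91118'

cdrw_m_blank_sample='Device : YAMAHA CRW8424S
Firmware : Rev. 1.0d (06/10/99)
Media is blank'

# field_after LABEL TEXT: print the integer following "LABEL:" in TEXT.
# Returns 1 and prints nothing when the label is absent, as on blank media.
field_after() {
    value=$(printf '%s\n' "$2" \
        | sed -n "s/^$1:[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1)
    [ -n "$value" ] && printf '%s\n' "$value"
}

next_writable_address() { field_after 'Next writable address' "$1"; }
last_session_start()    { field_after 'Last session start address' "$1"; }

# data_track_count TEXT: number of Data tracks listed in the table (0 if none).
data_track_count() {
    printf '%s\n' "$1" | grep -c '^[0-9][0-9]*[[:space:]]*|Data[[:space:]]*|'
}

if nwa=$(next_writable_address "$cdrw_m_sample"); then
    echo "next writable address: $nwa"
    echo "last session started at: $(last_session_start "$cdrw_m_sample")"
    echo "data tracks already on disc: $(data_track_count "$cdrw_m_sample")"
else
    echo "no session information; media is blank or unreadable"
fi
next_writable_address "$cdrw_m_blank_sample" \
    || echo "blank media: nothing to append to, write the first session with cdrw -iO"
```

Anchoring each pattern to the start of its line and to the literal label keeps the parser from picking up the track start addresses in the table, which also end in digits.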