Disable cdrom/dvd RHEL 6.2 for non-root users

Latest response

What is the best practice to disable the cdrom/dvd for non-root users?

I was able to move/rename the cdrom.ko file in RHEL 5, but RHEL 6 this does not work!

Responses

Please try

echo "blacklist sr_mod" >> /etc/modprobe.d/blacklist-sr_mod.conf

After reboot, the sr_mod driver will not initialize.

The root user can circumvent this by

/sbin/modprobe sr_mod

Please let us know if this works for you.

Well, if 'users' parameter not added in the mount line of cd/dvd then only root user would be allowed, other non-root users would fail to mount those device.

I'm running 6.9 and putting blacklist sr_mod in a modprobe conf file is not working. I also tried adding blacklist sr_mod /bin/true and that didn't help. Has anyone been successful in blocking this .ko ?

RHEL 7

I made a polkit rule based on [this Red Hat solution https://access.redhat.com/articles/3148751

Only members of a specific group are allowed.