Writing Udev Rules

Udev is a system on Linux to create the device files in /dev every time the system boots. It used to be that these files were permanent, but no longer. As the amount of hardware that can be attached to a Linux system increases a new method of creating the device files had to be found, especially as many people only have a limited sub-set of all the devices and didn't want or need so many unused device files hanging around in /dev.

At work we run Suse Linux Enterprise Server on a couple of boxes and one of these is used as our DVD burning station. It has a huge set of discs and a decent DVD burner attached - so it gets a lot of use.

We login to this box as a specific user and this user is a member of the disk group.

At boot time, the DVD devices are owned by root:disk but only the owner, root, has the ability to write to these devices. This is a tad unfortunate because we need all members of the disk group to be able to write as well. What to do?

We had a temporary fix in place for a while. It simply involves setting the permissions on the devices to allow the group to write to them:

su - root
chmod g=rw /dev/sr0
chmod g=rw /dev/sr1

However, this is unsuitable as it requires someone in the team to have root privileges and the root password. In addition, it had to be carried out every time we rebooted the box - as this is a Linux server, that doesn't happen all too often, but we have had a few power outages in recent months (for maintenance and rewiring) and the boxes were shut down for their own protection.

A permanent solution was required that did not require a root enabled person to be around after a reboot.

With a little bit of "kernel" hacking and I have a proper permanent fix. (ok, I admit it, I read this document writing udev rules) and the answer was quite simple.

The process does require a root enabled user initially, but after that, and testing of course, the system will automatically set things up correctly after a reboot and no root required.

su - root
cd /etc/udev/rules.d
vi 99-local.rules

The '99' prefix has to be the highest in the directory. The file we are about to create must be run after all the current files. Well, at least after file 50-udev-default.rules which does the default setting up.

The contents of the above file should be as follows, well, you don't need the comments just the last two lines.

# Make sure that udev gives the disk group write access to the two DVD Writers
# Norman Dunbar
# 12 May 2009.
# Basically, what the following says is:
# If the kernel subsystem is "block" (for block devices being attached) THEN
# If the kernel has assigned the device /dev/sr0 or /dev/sr1 THEN
#       chmod g=rw,u=rw,o= /dev/sr*
#       ln -s /dev/dvd_internal /dev/sr0
#       ln -s /dev/dvd_esternal /dev/sr1
#       chgrp disk /dev/sr*
# So now, after a reboot (or indeed, after a call to udevtrigger) the devices
# /dev/sr0 and /dev/sr1 will belong to the disk group, have group members able to write
# and will have an additional sym-link to /dev/dvd_internal (for the built in DVD) or
# /dev/dvd_external for the USB attached DVD writer.
# By the way, this file has the highest number in the /etc/udev/rules.d directory because
# it has to be run AFTER all the system setting up or our chnages will be overwritten.

SUBSYSTEM=="block", KERNEL=="sr0", MODE="0660", SYMLINK+="dvd_internal", GROUP="disk"
SUBSYSTEM=="block", KERNEL=="sr1", MODE="0660", SYMLINK+="dvd_external", GROUP="disk"

The "GROUP=" settings are not really required because the 50-udev-default.rules file should have set that already but I noticed in testing, one occasion whereby the device did come up as being owned by root:root rather than root:disk. Very very strange. I have added the "GROUP=" setting to prevent this as only those accounts in the disk group are the ones we want to be writing to the devices and if the group is suddenly root then we are a tad stuffed!

Now, whenever the system reboots, the above file is executed and the permissions on the two DVD devices are set to allow group members to write to it, plus, a handy pair of links are set up to /dev/dvd_internal and /dev/dvd_external for the internal and external DVD devices.

If, at any time you want to change the details in this file, you need to be root and you should run a udevtrigger command to make the changes stick. Note that there is a delay of a few seconds between the udevtrigger command running and the changes appearing for the devices - as the following shows.

# udevtrigger

# ll /dev/sr*
brw-r----- 1 root disk 11, 0 May  5 08:25 /dev/sr0
brw-r----- 1 root disk 11, 1 May  5 08:27 /dev/sr1

# ll /dev/sr*
brw-rw---- 1 root disk 11, 0 May  5 08:25 /dev/sr0
brw-rw---- 1 root disk 11, 1 May  5 08:27 /dev/sr1

Nothing was executed between the two ll /dev/sr* commands above, but you can see where the group privileges have changed from read only to read-write.

  • linux/udev/start.txt
  • Last modified: 2009/05/12 10:56
  • by norman