# udev scsi/usb permissions not applying

## manny15

I'm having trouble with the permissions for sr0 and sg0. cdrecord cannot access the device because the permissions are set to root:root instead of root:cdrw/root:cdrom as specified in the permissions file. Once I change the group manually on the devices, cdrecord/cdrdao works fine.

/etc/udev/permissions.d/50-udev.permissions 

```

# optical devices

sr*:root:cdrom:660

sg*:root:cdrw:0660

```

I read in another post the the permissions file is no longer used. If so, how are permission adjusted? Any ideas?

----------

## manny15

Ok, I'll answer my own question.

```

BUS="scsi", KERNEL="sg*", NAME="%k", GROUP="cdrw"

BUS="scsi", KERNEL="sr*", SYSFS{model}="CDRW9602EXT-B", NAME="%k", GROUP="cdrw" 

SYMLINK="cdrw cdroms/cdrw"

```

Notice the GROUP option.

----------

## enkil

I have a similar problem.

I want /dev/hdc and /dev/hdd to be owned by group cdrw and set permissions to 0660. Following the udev-rules guide, I set up a /etc/dev/rules.d/10-local.rules containing:

```
KERNEL="hdc", GROUP="cdrw", MODE="0660"

KERNEL="hdd", GROUP="cdrw", MODE="0660"
```

and ran udevstart. But the permissions remain the same:

```
[ root@sphere /etc/udev/rules.d ] ls -la /dev/hdc

brw-r-----  1 root disk 22, 0 Aug 11 22:39 /dev/hdc
```

I guess some other rule is changing the permissions back after they get applied. I don't know which rule to edit. As I read that udev processes rules lexically, I won't be able to add a "final" rule, that gets processed after all other rules, that sets ownership/permission correctly?

I don't want hd* to be owned by cdrw, only hdc and hdd. 

Thanks in advance...

----------

## manny15

I think that's because new udev versions (aka sys-fs/udev-064-r1) adjust permissions for cdrom devices using/etc/udev/scripts/cdsymlinks.sh. Well, that's what I think. I don't know how flexible that script is  :Sad: 

----------

## Jeremy_Z

The problem is that it looks like 2 rules are matching somehow and udev make a mess.

When i plug my usb/cdrom i have sr0 with disk group and sg0 with root group coming in. Symlinks (dvd/cdrom/cdrw) are pointing to sr0. Adding the local rule :

```

BUS=="scsi", SYSFS{model}=="SCB-2408        ", NAME="%k", SYMLINK="dvd cdrom cdrw", GROUP="cdrom"

```

This ID my drive and set the correct permission for sg0 (but sr0 is still in disk group) and for some reasons i got two sets of sylinks pointing to sr0 and none pointing to sg0 ... ??

Now i could burn with sg0 ? well k3b doesn't agree with that, it says it can't find any suitable device. K3B setup mention both sg0 and sr0 being my Asus burner, and says permissions on sg0 require while it would change sr0to cdrom group and chmod 660 instead of 640.

Now any attempt to override udev rules affecting sr0 have failed : something like KERNEL="sr0", NAME="asus", SYMLINK="toto", GROUP="cdrom" would just makes fun of me with :

```

udevtest /sys/block/sr0/ block

udevtest.c: looking at device '/block/sr0/' from subsystem 'block'

udevtest.c: opened class_dev->name='sr0'

udev_rules.c: reset symlink list

udev_rules.c: rule applied, added symlink 'toto'

udev_rules.c: add symlink 'toto'

udev_rules.c: rule applied, 'sr0' becomes 'asus'

udev_rules.c: rule applied, added symlink ' cdrom1 cdrw1 dvd1  '

udev_rules.c: add symlink 'cdrom1'

udev_rules.c: add symlink 'cdrw1'

udev_rules.c: add symlink 'dvd1'

udev_add.c: creating device node '/dev/sr0', major = '11', minor = '0', mode = '0640', uid = '0', gid = '6'

```

Why the local rule can't mask the udev rules ?

Any idea ?

OK. After some readings elsewhere i found out that GROUP:="cdrom" overrides futur matching rules (with := ) so i could figure out how to makes it work .. finally.

----------

## enkil

Okay, I think I found a workaround. I edited /etc/udev/rules.d/50-udev.rules and edited

```
# cdrom symlinks and other good cdrom naming

BUS=="ide",     KERNEL=="hd[a-z]", ACTION=="add", IMPORT="/sbin/cdrom_id --export $tempnode"

BUS=="scsi",    KERNEL="sr[0-9]*", ACTION=="add", IMPORT="/sbin/cdrom_id --export $tempnode"

BUS=="scsi",    KERNEL="scd[a-z]", ACTION=="add", IMPORT="/sbin/cdrom_id --export $tempnode"

ENV{ID_CDROM}=="?*",            SYMLINK+="cdrom%e", GROUP="cdrom"

ENV{ID_CDROM_CD_RW}=="?*",      SYMLINK+="cdrw%e"

ENV{ID_CDROM_DVD}=="?*",        SYMLINK+="dvd%e"

ENV{ID_CDROM_DVD_R}=="?*",      SYMLINK+="dvdrw%e"
```

into

```
# cdrom symlinks and other good cdrom naming

BUS=="ide",     KERNEL=="hd[a-z]", ACTION=="add", IMPORT="/sbin/cdrom_id --export $tempnode"

BUS=="scsi",    KERNEL="sr[0-9]*", ACTION=="add", IMPORT="/sbin/cdrom_id --export $tempnode"

BUS=="scsi",    KERNEL="scd[a-z]", ACTION=="add", IMPORT="/sbin/cdrom_id --export $tempnode"

ENV{ID_CDROM}=="?*",            SYMLINK+="cdrom%e", GROUP="cdrom"

ENV{ID_CDROM_CD_RW}=="?*",      SYMLINK+="cdrw%e", GROUP="cdrw"

ENV{ID_CDROM_DVD}=="?*",        SYMLINK+="dvd%e"

ENV{ID_CDROM_DVD_R}=="?*",      SYMLINK+="dvdrw%e", GROUP="cdrw"
```

But I somehow think this isn't the way it's supposed to be done?

When I create 10-local.rules and add the exact same rules, it gets overridden again. So I added it to a 51-local.rules and now the permission applied. I hope it's still right when I reboot.

----------

## Jeremy_Z

The GROUP is set after the last matching rule is found, so if you want to set rule in 10-local.rules you have to use GROUP:="mygroup" instead of GROUP="mygroup" which tells udev not to override it.

----------

## enkil

Works, indeed. Thanks a lot  :Smile: 

----------

