Short Tip: A simple udev rule for burn rights on /dev/sg*

shell.png
udev is a very helpful tool to manage your device lists and rights on your Linux machine. With custom rules you can alter your system to do exactly what you want. A simple example which I recently needed is to change the group and the rights of a device. Let’s say you need to have write rights on the device /dev/sg*. These are not given usually under Fedora:

crw-------   1 root     root       21,   0  2. Apr 18:26 sg0
crw-------   1 root     root       21,   1  2. Apr 18:26 sg1

However, programs like Nero’s burning suite for Linux require these. So the best way is to change the group of the devices to disk and afterwards give the group write rights. In udev the best way is to create a custom rule file: /etc/udev/rules.d/55-disk-burning.rules.

# cat /etc/udev/rules.d/55-disk-burning.rules
BUS=="scsi", KERNEL=="sg[0-9]*", GROUP="disk", MODE="0660"

After a reboot the rights are as needed:

crw-rw----   1 root     disk       21,   0  2. Apr 18:26 sg0
crw-rw----   1 root     disk       21,   1  2. Apr 18:26 sg1

Of course this still requires the user to be a member of the disk group…

9 thoughts on “Short Tip: A simple udev rule for burn rights on /dev/sg*”

  1. Wouldn’t this be better handled by ConsoleKit and PolicyKit with file level ACLs on the devices, rather than changing ownerships?

  2. True,

    PolicyKit does a better job in my opinion. Here are the rules I wrote for NeroLinux 3.

    [slaanesh@simone ~]$ cat /usr/share/PolicyKit/policy/nerolinux-device-file.policy

    Directly access Generic SCSI devices
    System policy prevents access to the sg devices

    no
    yes

    [slaanesh@simone ~]$ cat /usr/share/hal/fdi/policy/20thirdparty/20-nerolinux-sg-devices.fdi

    access_control
    nerolinux
    linux.device_file

    Here’s how it changes the rights on sg* files after login:

    [slaanesh@simone dev]$ ls -al sg0
    crw-rw—-+ 1 root disk 21, 0 2008-04-02 16:58 sg0
    [slaanesh@simone dev]$ getfacl sg0
    # file: sg0
    # owner: root
    # group: disk
    user::rw-
    user:slaanesh:rw-
    group::r–
    mask::rw-
    other::—

  3. Yep, code is not my friend…

    [slaanesh@simone ~]$ cat /usr/share/PolicyKit/policy/nerolinux-device-file.policy

    Directly access Generic SCSI devices
    System policy prevents access to the sg devices

    no
    yes

    [slaanesh@simone ~]$ cat /usr/share/hal/fdi/policy/20thirdparty/20-nerolinux-sg-devices.fdi

    access_control
    nerolinux
    linux.device_file

    [slaanesh@simone ~]$ cd /dev/
    [slaanesh@simone dev]$ ls -al sg0
    crw-rw—-+ 1 root disk 21, 0 2008-04-02 16:58 sg0
    [slaanesh@simone dev]$ getfacl sg0
    # file: sg0
    # owner: root
    # group: disk
    user::rw-
    user:slaanesh:rw-
    group::r–
    mask::rw-
    other::—

  4. duh, I cannot post the xml files as they get interpreted. Does anyone know how to quote them?

  5. Jesse, I’m not sure which one has more advantages or disadvantages.

    Kevin, this was for testing purposes. But besides, Nero has a GUI for burning Blu-Ray and HD-DVD, so there are indeed use cases where Nero is the only option.

    slaanesh: if you want to post real code here, use this source code environment.

  6. Thanks, here’s my next try:

    /usr/share/PolicyKit/policy/nerolinux-device-file.policy

    Directly access Generic SCSI devices
    System policy prevents access to the sg devices

    no
    yes

    /usr/share/hal/fdi/policy/20thirdparty/20-nerolinux-sg-devices.fdi

    access_control
    nerolinux
    linux.device_file

  7. slaanesh, it somehow doesn’t work. If you like you can send it to me via e-mail and I will post it here for you with the right source code environment🙂

Comments are closed.