Overriding permissions from udev sample rules

Bruce Dubbs bruce.dubbs at gmail.com
Sun Oct 14 09:56:51 MDT 2007 

Bryan Kadzban wrote:

> Or use :=, but that's what I was trying to avoid if possible.  There are
> a few other differences between our permissions (or groups) and udev's,
> which I was hoping to override by moving 25- to 51- and leaving those
> rules alone.

Using :+ or "last_rule" really shouldn't be that big a deal.  Besides,
it is educational if someone analyzes the file.  The udev ducumentation
says that "I suggest you create a file at
/etc/udev/rules.d/10-local.rules and write all your rules into this
file."  Looking at other distros, several seem to use 40, but several
have a 64 too.

Speaking of that, Kay has debian, gentoo, frugalware, redhat, etc.
Maybe if we sent him the LFS rules, he would include them too.  Just a
thought.

> One instance is everywhere that udev assigns "uucp", we seem to assign
> "dialout" instead.  I think that's because we have no "uucp" group.

Yes. uucp is an anachronism, but most still use it.  RedHat seems to use
it for a lot of serial devices, but we just use dialout for that.
Actually dialout is a bit dated too.  Who uses a modem any more?  Not
anyone I know.

We could override that group with a 64- file or use :=.

Another option is to revert to uucp.  The only place that dialout is in
the book is section 6.6 and then it is only in a cat > /etc/group <<
"EOF".  It is not explained there.  It is also not mentioned in BLFS at
all.  This may be the simplest route as the custom rules could jsut not
mention this at all.

> Another is all the input devices: we assign 0644, but udev assigns 0640
> or 0600, depending on the device.  I'd rather not have to be a member of
> a certain group in order to test input devices.  Another is agpgart:
> udev assigns 0600, but we assign 0666.  (This may not matter, since X is
> setuid root.)  The last two are disk and tape devices: udev assigns tape
> devices to group "disk" instead of "tape", and disk devices get mode
> 0640 instead of our 0660.

I would think that the simpler we make our rules, the better.  For
comparison RedHat only has 15 rules in 40- and 1 rule in 64- (and that
is for pam and wouldn't apply to LFS).  Similarly, suse has 11 rules in
40- and all the rules in 64- apply to something called device-mapper
that doesn't apply to LFS.

> All of those can be overridden if we move our rules to 51-; just the TTY
> devices can't be.  So if we want to go with udev's permissions for TTYs
> (which sound like they'd probably work), then that should be fine.

Looking at other distros, I'm not sure anymore if we need any custom
rules at all.  I haven't looked at it in detail, but suse only changes
some groups to video and redhat generally sets some symlinks and changes
the owner and group of vc* devices.  All this customization would depend
on non-LFS packages.  I see it rare, if at all, that BLFS would need to
address the issue.


  -- Bruce

More information about the lfs-dev mailing list