How to prevent udev from setting ACL on CD ROM device "/dev/sr0" in RHEL 7?

Solution Verified - Updated -

Issue

  • By default, udev sets an ACL on the CDROM device /dev/sr0 so the user using the console is given permission to access it. I would like to disable that functionality. I want to change the group and leave the default 660 permissions as they are.

  • I've researched udev rules to disable uaccess but nothing I create works. Setting the following rule changes the group. The OPTIONS+="last_rule", according to documentation, should prevent further changes such as the system 70-uaccess.rules from adding the uaccess tag. It does not.

    /etc/udev/rules.d/60-dta-lockdown.rules:
    SUBSYSTEM=="block", ENV{ID_CDROM}=="1", GROUP="2014", OPTIONS+="last_rule"

  • Running a rule after the 70-uaccess.rules to remove the tag does not work either. (This feature is likely only available in a newer version of udev/systemd.)

    /etc/udev/rules.d/71-dta-lockdown2.rules:
    SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG-="uaccess"

  • The only way I've gotten it to stop is to comment out the CDROM rules in /lib/udev/rules.d/70-uaccess.rules. This is not desirable since an update will replace the file and enable the functionality.

Environment

  • Red Hat Enterprise Linux (RHEL) 7
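
To check whether a candidate rule really stopped the behaviour described in the Issue, the device node can be inspected for a per-user ACL entry and for the uaccess tag. The script below is an added example, not part of the original article or of Red Hat's solution; the sample text, the user name alice and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input (not captured from a real host): what getfacl and
# udevadm print for a CD-ROM node while console user "alice" holds the ACL.
SAMPLE_ACL='# file: dev/sr0
# owner: root
# group: cdrom
user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::---'
SAMPLE_PROPS='DEVNAME=/dev/sr0
ID_CDROM=1
SUBSYSTEM=block
TAGS=:uaccess:seat:systemd:'

# Print named-user ACL entries ("name:perms") from getfacl output on stdin.
# Owner, group, mask and other entries have an empty qualifier and are skipped.
acl_named_users() {
    awk -F: '$1 == "user" && $2 != "" { split($3, p, /[ \t]/); print $2 ":" p[1] }'
}

# Succeed if the udev properties on stdin carry the uaccess tag.
has_uaccess_tag() {
    grep -Eq '^TAGS=(.*:)?uaccess:'
}

# audit_cdrom ACL_TEXT PROPS_TEXT: print findings, return 1 if any were found.
audit_cdrom() {
    rc=0
    users=$(printf '%s\n' "$1" | acl_named_users)
    if [ -n "$users" ]; then
        echo "per-user ACL present: $users"; rc=1
    fi
    if printf '%s\n' "$2" | has_uaccess_tag; then
        echo "uaccess tag still applied"; rc=1
    fi
    return $rc
}

# Live use on a host: sh audit.sh /dev/sr0 (runs only for an existing block device)
if [ -b "${1:-}" ]; then
    audit_cdrom "$(getfacl -p "$1" 2>/dev/null)" \
                "$(udevadm info --query=property --name="$1")"
fi
```

Run it while a user is logged in on the console, since that is when the ACL is applied; a non-zero exit status means the lockdown did not hold.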
