Is it possible to write a new udev rule that undoes TAG+="uaccess" (removes the uaccess tag) without undoing any of the other tags on a device? If so, how?
(I have a device that should be opened by a daemon. Unfortunately, the uaccess tag added in /lib/udev/rules.d/70-uaccess.rules causes the permissions to be mangled whenever someone logs in, breaking access for the daemon.)
From version 217 onwards, is possible to do that using:
TAG-="uaccess"
For older versions, sadly it isn't. So you can workaround adding some conditional that would prevent the tag from being added:
KERNEL=="sdb", GROUP="daemon", OPTIONS+="last_rule"
In this case, you set the permissions and then nothing else can be added.
I tried the accepted answer and it didn't work for RHEL7. The OPTIONS+="last_rule" is deprecated.
SUBSYSTEM=="block", ENV{ID_CDROM}=="1",TAG:="systemd"
This needs to run after the 70-uaccess.rules. Name it /etc/udev/rules.d/71-uaccess-remove.rules
last_rule. This works only if my rule is evaluated before theTAG+="uaccess"rule. I think I can guarantee this ordering if my rules filename is lexically sorted before70-uaccess.rules, right? (e.g., name it/etc/udev/rules.d/69-uaccess-preempt.rules) – Richard Hansen Sep 19 '14 at 04:14TAG-="foo"as of v217, which was released 2014-10-27. (commit, changelog entry) – Richard Hansen Dec 10 '14 at 17:43