我经常处理格式化 USB 驱动器,这些驱动器注册为 /dev/sdX。一不小心,我可能会输错命令,并格式化我的硬盘。
我认为理想情况下我想编写一个 UDEV 规则来使特定的 /dev/sdX 驱动程序只读,包括所有 /dev/sdX* 以及最多也包括所有/dev/disc/by-*/*.这将使任何dd of=/dev/sdX和fdisk /dev/sdX都mkfs /dev/sdX失败。然后,如果我真的想修改,随时都可以chmod +w。
这样的 UDEV 规则会是什么样子?如何获取有关 /dev/sdX 路径的一些信息以便将其与 UDEV 规则“匹配”?如何匹配所有 /dev/sdX* 分区?
# smartctl -a /dev/sda
smartctl 7.3 2022-02-28 r5338 [x86_64-linux-6.2.2-zen2-1-zen] (local build)
Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF INFORMATION SECTION ===
Model Family: Western Digital Caviar Green
Device Model: WDC WD6400AAVS-00G9B1
Serial Number: WD-WCAUF2886253
LU WWN Device Id: 5 0014ee 202989df7
Firmware Version: 05.04C05
User Capacity: 640,135,028,736 bytes [640 GB]
Sector Size: 512 bytes logical/physical
Device is: In smartctl database 7.3/5319
ATA Version is: ATA8-ACS (minor revision not indicated)
SATA Version is: SATA 2.5, 3.0 Gb/s
Local Time is: Sun Mar 12 05:46:50 2023 CET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
# udevadm info --query=all --attribute-walk --path=block/sda | cat
Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.
looking at device '/devices/pci0000:00/0000:00:1f.2/ata6/host5/target5:0:0/5:0:0:0/block/sda':
KERNEL=="sda"
SUBSYSTEM=="block"
DRIVER==""
ATTR{alignment_offset}=="0"
ATTR{capability}=="0"
ATTR{discard_alignment}=="0"
ATTR{diskseq}=="1"
ATTR{events}==""
ATTR{events_async}==""
ATTR{events_poll_msecs}=="-1"
ATTR{ext_range}=="256"
ATTR{hidden}=="0"
ATTR{inflight}==" 0 0"
ATTR{integrity/device_is_integrity_capable}=="0"
ATTR{integrity/format}=="none"
ATTR{integrity/protection_interval_bytes}=="0"
ATTR{integrity/read_verify}=="0"
ATTR{integrity/tag_size}=="0"
ATTR{integrity/write_generate}=="0"
ATTR{mq/0/cpu_list}=="0, 1, 2, 3, 4, 5, 6, 7"
ATTR{mq/0/nr_reserved_tags}=="0"
ATTR{mq/0/nr_tags}=="32"
ATTR{power/control}=="auto"
ATTR{power/runtime_active_time}=="0"
ATTR{power/runtime_status}=="unsupported"
ATTR{power/runtime_suspended_time}=="0"
ATTR{queue/add_random}=="1"
ATTR{queue/chunk_sectors}=="0"
ATTR{queue/dax}=="0"
ATTR{queue/discard_granularity}=="0"
ATTR{queue/discard_max_bytes}=="0"
ATTR{queue/discard_max_hw_bytes}=="0"
ATTR{queue/discard_zeroes_data}=="0"
ATTR{queue/dma_alignment}=="511"
ATTR{queue/fua}=="0"
ATTR{queue/hw_sector_size}=="512"
ATTR{queue/io_poll}=="0"
ATTR{queue/io_poll_delay}=="-1"
ATTR{queue/io_timeout}=="30000"
ATTR{queue/iosched/back_seek_max}=="16384"
ATTR{queue/iosched/back_seek_penalty}=="2"
ATTR{queue/iosched/fifo_expire_async}=="250"
ATTR{queue/iosched/fifo_expire_sync}=="125"
ATTR{queue/iosched/low_latency}=="1"
ATTR{queue/iosched/max_budget}=="0"
ATTR{queue/iosched/slice_idle}=="8"
ATTR{queue/iosched/slice_idle_us}=="8000"
ATTR{queue/iosched/strict_guarantees}=="0"
ATTR{queue/iosched/timeout_sync}=="125"
ATTR{queue/iostats}=="1"
ATTR{queue/logical_block_size}=="512"
ATTR{queue/max_discard_segments}=="1"
ATTR{queue/max_hw_sectors_kb}=="32767"
ATTR{queue/max_integrity_segments}=="0"
ATTR{queue/max_sectors_kb}=="1280"
ATTR{queue/max_segment_size}=="65536"
ATTR{queue/max_segments}=="168"
ATTR{queue/minimum_io_size}=="512"
ATTR{queue/nomerges}=="0"
ATTR{queue/nr_requests}=="64"
ATTR{queue/nr_zones}=="0"
ATTR{queue/optimal_io_size}=="0"
ATTR{queue/physical_block_size}=="512"
ATTR{queue/read_ahead_kb}=="128"
ATTR{queue/rotational}=="1"
ATTR{queue/rq_affinity}=="1"
ATTR{queue/scheduler}=="none mq-deadline kyber [bfq] "
ATTR{queue/stable_writes}=="0"
ATTR{queue/throttle_sample_time}=="100"
ATTR{queue/virt_boundary_mask}=="0"
ATTR{queue/write_cache}=="write back"
ATTR{queue/write_same_max_bytes}=="0"
ATTR{queue/write_zeroes_max_bytes}=="0"
ATTR{queue/zone_append_max_bytes}=="0"
ATTR{queue/zone_write_granularity}=="0"
ATTR{queue/zoned}=="none"
ATTR{range}=="16"
ATTR{removable}=="0"
ATTR{ro}=="0"
ATTR{size}=="1250263728"
ATTR{stat}==" 355 0 21348 2856 8 0 0 18 0 1424 2893 0 0 0 0 8 18"
ATTR{trace/act_mask}=="disabled"
ATTR{trace/enable}=="0"
ATTR{trace/end_lba}=="disabled"
ATTR{trace/pid}=="disabled"
ATTR{trace/start_lba}=="disabled"
looking at parent device '/devices/pci0000:00/0000:00:1f.2/ata6/host5/target5:0:0/5:0:0:0':
KERNELS=="5:0:0:0"
SUBSYSTEMS=="scsi"
DRIVERS=="sd"
ATTRS{blacklist}==""
ATTRS{delete}=="(not readable)"
ATTRS{device_blocked}=="0"
ATTRS{device_busy}=="0"
ATTRS{dh_state}=="detached"
ATTRS{eh_timeout}=="10"
ATTRS{evt_capacity_change_reported}=="0"
ATTRS{evt_inquiry_change_reported}=="0"
ATTRS{evt_lun_change_reported}=="0"
ATTRS{evt_media_change}=="0"
ATTRS{evt_mode_parameter_change_reported}=="0"
ATTRS{evt_soft_threshold_reached}=="0"
ATTRS{inquiry}==""
ATTRS{iocounterbits}=="32"
ATTRS{iodone_cnt}=="0x1c1"
ATTRS{ioerr_cnt}=="0x24"
ATTRS{iorequest_cnt}=="0x1c1"
ATTRS{iotmo_cnt}=="0x0"
ATTRS{model}=="WDC WD6400AAVS-0"
ATTRS{ncq_prio_enable}=="0"
ATTRS{ncq_prio_supported}=="0"
ATTRS{power/autosuspend_delay_ms}=="-1"
ATTRS{power/control}=="on"
ATTRS{power/runtime_active_time}=="741934"
ATTRS{power/runtime_status}=="active"
ATTRS{power/runtime_suspended_time}=="0"
ATTRS{queue_depth}=="32"
ATTRS{queue_ramp_up_period}=="120000"
ATTRS{queue_type}=="simple"
ATTRS{rescan}=="(not readable)"
ATTRS{rev}=="4C05"
ATTRS{scsi_level}=="6"
ATTRS{state}=="running"
ATTRS{timeout}=="30"
ATTRS{type}=="0"
ATTRS{vendor}=="ATA "
ATTRS{vpd_pg0}==""
ATTRS{vpd_pg80}==""
ATTRS{vpd_pg83}==""
ATTRS{vpd_pg89}==""
ATTRS{vpd_pgb0}==""
ATTRS{vpd_pgb1}==""
ATTRS{vpd_pgb2}==""
ATTRS{wwid}=="naa.50014ee202989df7"
looking at parent device '/devices/pci0000:00/0000:00:1f.2/ata6/host5/target5:0:0':
KERNELS=="target5:0:0"
SUBSYSTEMS=="scsi"
DRIVERS==""
ATTRS{power/control}=="auto"
ATTRS{power/runtime_active_time}=="741935"
ATTRS{power/runtime_status}=="active"
ATTRS{power/runtime_suspended_time}=="0"
looking at parent device '/devices/pci0000:00/0000:00:1f.2/ata6/host5':
KERNELS=="host5"
SUBSYSTEMS=="scsi"
DRIVERS==""
ATTRS{power/control}=="auto"
ATTRS{power/runtime_active_time}=="741936"
ATTRS{power/runtime_status}=="active"
ATTRS{power/runtime_suspended_time}=="314"
looking at parent device '/devices/pci0000:00/0000:00:1f.2/ata6':
KERNELS=="ata6"
SUBSYSTEMS==""
DRIVERS==""
ATTRS{power/control}=="on"
ATTRS{power/runtime_active_time}=="742252"
ATTRS{power/runtime_status}=="active"
ATTRS{power/runtime_suspended_time}=="0"
looking at parent device '/devices/pci0000:00/0000:00:1f.2':
KERNELS=="0000:00:1f.2"
SUBSYSTEMS=="pci"
DRIVERS=="ahci"
ATTRS{ari_enabled}=="0"
ATTRS{broken_parity_status}=="0"
ATTRS{class}=="0x010601"
ATTRS{consistent_dma_mask_bits}=="64"
ATTRS{d3cold_allowed}=="1"
ATTRS{device}=="0x1e02"
ATTRS{dma_mask_bits}=="64"
ATTRS{driver_override}=="(null)"
ATTRS{enable}=="1"
ATTRS{irq}=="28"
ATTRS{local_cpulist}=="0-7"
ATTRS{local_cpus}=="ff"
ATTRS{msi_bus}=="1"
ATTRS{msi_irqs/28}=="msi"
ATTRS{numa_node}=="-1"
ATTRS{power/control}=="on"
ATTRS{power/runtime_active_time}=="742302"
ATTRS{power/runtime_status}=="active"
ATTRS{power/runtime_suspended_time}=="0"
ATTRS{power/wakeup}=="disabled"
ATTRS{power/wakeup_abort_count}==""
ATTRS{power/wakeup_active}==""
ATTRS{power/wakeup_active_count}==""
ATTRS{power/wakeup_count}==""
ATTRS{power/wakeup_expire_count}==""
ATTRS{power/wakeup_last_time_ms}==""
ATTRS{power/wakeup_max_time_ms}==""
ATTRS{power/wakeup_total_time_ms}==""
ATTRS{power_state}=="D0"
ATTRS{remapped_nvme}=="0"
ATTRS{remove}=="(not readable)"
ATTRS{rescan}=="(not readable)"
ATTRS{reset}=="(not readable)"
ATTRS{reset_method}=="af_flr"
ATTRS{revision}=="0x04"
ATTRS{subsystem_device}=="0x11d6"
ATTRS{subsystem_vendor}=="0x1734"
ATTRS{vendor}=="0x8086"
looking at parent device '/devices/pci0000:00':
KERNELS=="pci0000:00"
SUBSYSTEMS==""
DRIVERS==""
ATTRS{power/control}=="auto"
ATTRS{power/runtime_active_time}=="0"
ATTRS{power/runtime_status}=="unsupported"
ATTRS{power/runtime_suspended_time}=="0"
ATTRS{waiting_for_supplier}=="0"
答案1
为其创建 udev 规则相对简单。只需将以下内容添加到/etc/udev/rules.d/yourname.rule:
ATTRS{wwid}=="naa.50014ee202989df7", MODE="0440"
这里我wwid在输出中使用了present来udevadm info --query=all --attribute-walk --path=/sys/block/sda唯一匹配光盘。您可以对任何光盘重复此操作。
请注意,这将不是防范mkfs /dev/sda1。即使有权限mkfs似乎也不受影响。/dev/sda10000