2011-08-01. Newly compiled Gentoo system. New ones have very minimal udev settings in /etc/udev/rules.d compared to systems a few years ago at the start of udev. Just a couple of packages have added a file, and a couple of files are autogenerated to keep net and cd hardware at constant names. I want various accessories like cameras, scanners, cd, graphics, to be easily available to any logged in user on this home desktop system on which several accounts are often logged in at once. The following in a new file, /etc/udev/rules.d/65-permissions.rules had the right effect. Most came from older files, but the final part needed a little looking up in order to avoid the earlier system's long long list of all known cameras and scanners. # # settings for (friendly) permissions, to avoid hassle on highly-shared desktop systems # # cdrom devices ENV{ID_CDROM}=="?*", GROUP="cdrom", MODE="666" KERNEL=="pktcdvd|pktcdvd[0-9]*", GROUP="cdrom", MODE="666" # assign cdrom-permission also to associated generic device (for cd-burning ...) SUBSYSTEMS=="scsi", KERNEL=="sg[0-9]*", ATTRS{type}=="[45]", GROUP="cdrom", MODE="666" # sound devices (sound=alsa, snd=oss) SUBSYSTEM=="sound|snd", GROUP="audio", MODE="0666" # full hardware access for graphics KERNEL=="nvidia*", GROUP="video", MODE="0666" # try to cover all pluggable devices -- disks, cameras, scanner [printer], ... #SUBSYSTEM=="usb_device", GROUP="usb", MODE="0666" ATTR{product}=="*[Ss]canner*|*[Cc]amera*", GROUP="usb", MODE="0666" The udevadm command from sys-fs/udev-164-r2 turned out very handy. # udevadm info --export-db | less [... list of all usb components ...] # udevadm info --query all --path=/sys/bus/usb/devices/usb1/1-3 P: /bus/usb/devices/usb1/1-3 N: bus/usb/001/003 S: char/189:2 E: UDEV_LOG=3 E: DEVPATH=/bus/usb/devices/usb1/1-3 E: MAJOR=189 E: MINOR=2 E: DEVNAME=/dev/bus/usb/001/003 E: DEVTYPE=usb_device E: DRIVER=usb E: DEVICE=/proc/bus/usb/001/003 E: PRODUCT=4b8/11f/110 E: TYPE=255/255/255 E: BUSNUM=001 E: DEVNUM=003 E: SUBSYSTEM=usb E: libsane_matched=yes E: ID_VENDOR=EPSON E: ID_VENDOR_ENC=EPSON E: ID_VENDOR_ID=04b8 E: ID_MODEL=EPSON_Scanner E: ID_MODEL_ENC=EPSON\x20Scanner E: ID_MODEL_ID=011f E: ID_REVISION=0110 E: ID_SERIAL=EPSON_EPSON_Scanner E: ID_BUS=usb E: ID_USB_INTERFACES=:ffffff: E: DEVLINKS=/dev/char/189:2 E: TAGS=:udev-acl: udevadm info --attribute-walk --path=/sys/bus/usb/devices/usb1/1-3/ Udevadm info starts with the device specified by the devpath and then walks up the chain of parent devices. It prints for every device found, all possible attributes in the udev rules key format. A rule to match, can be composed by the attributes of the device and the attributes from one single parent device. looking at device '/bus/usb/devices/usb1/1-3': KERNEL=="1-3" SUBSYSTEM=="usb" DRIVER=="usb" ATTR{configuration}=="" ATTR{bNumInterfaces}==" 1" ATTR{bConfigurationValue}=="1" ATTR{bmAttributes}=="c0" ATTR{bMaxPower}=="100mA" ATTR{urbnum}=="9" ATTR{idVendor}=="04b8" ATTR{idProduct}=="011f" ATTR{bcdDevice}=="0110" ATTR{bDeviceClass}=="ff" ATTR{bDeviceSubClass}=="ff" ATTR{bDeviceProtocol}=="ff" ATTR{bNumConfigurations}=="1" ATTR{bMaxPacketSize0}=="64" ATTR{speed}=="480" ATTR{busnum}=="1" ATTR{devnum}=="3" ATTR{devpath}=="3" ATTR{version}==" 2.00" ATTR{maxchild}=="0" ATTR{quirks}=="0x0" ATTR{avoid_reset_quirk}=="0" ATTR{authorized}=="1" ATTR{manufacturer}=="EPSON" ATTR{product}=="EPSON Scanner" looking at parent device '/devices/pci0000:00/0000:00:02.1/usb1': From this, and the knowledge that udev supports "globbing" (simple shell-like filename pattern matching), the pattern "*[Ss]canner*|*[Cc]amera*" was used to match the product attribute "ATTR{product}" for scanners and cameras, making all users able to access them.