According to the 12.2 documentation at configuring-device-persistence-manually-for-oracle… , ASM device permissions should be set to give "grid" and members of the "asmadmin" group read and write access, but not allowing other access. As "discovered" in an earlier thread, the Oracle server binary uses "asmadmin" setgid, which is how Oracle is able to write to the database files.
For example: KERNEL=="sdb1, OWNER="grid", GROUP="asmadmin", MODE="0660"
I noticed, after installing 18c GI and the ASM Filter Driver, it creates a udev rule, as following:
[root@localhost rules.d]# cat 53-afd.rules
#
# AFD devices
KERNEL=="oracleafd/.*", OWNER="grid", GROUP="asmadmin", MODE="0775"
KERNEL=="oracleafd/*", OWNER="grid", GROUP="asmadmin", MODE="0775"
KERNEL=="oracleafd/disks/*", OWNER="grid", GROUP="asmadmin", MODE="0664"
I wonder if this is an oversight, or perhaps it doesn't matter since the ASMFD driver only permits "oracle" I/O?
Any ideas? Thanks.