diff --git a/package/base/devfsd/cdrom_register.sh b/package/base/devfsd/cdrom_register.sh
new file mode 100644
index 000000000..627d8624c
--- /dev/null
+++ b/package/base/devfsd/cdrom_register.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# this script is to be called by devfsd on REGISTER for cd and generic devs.
+#
+# corresponding devfsd.conf line should look this way:
+# REGISTER ^((ide|scsi)/.*)/(cd|generic)$ EXECUTE /usr/lib/devfsd/cdrom_register.sh $mntpnt \1 \3
+#
+# [M] Tobias Hintze <th@rocklinux.org>
+#
+if [ "$#" != "3" ]
+then
+	logger "$0 called with invalid arguments."
+	exit
+fi
+
+# secure default
+MODE=600
+OWNER=root.root
+
+# possible convenience to override MODE and OWNER
+[ -r /etc/conf/devfs.cdrom ] && . /etc/conf/devfs.cdrom
+
+if [ -b "$1/$2/cd" ]
+then
+	# this is a cdrom
+	chown $OWNER "$1/$2/$3"
+	chmod $MODE "$1/$2/$3"
+	logger "permissions for $1/$2/$3 set."
+fi
+
diff --git a/package/base/devfsd/devfsd.conf b/package/base/devfsd/devfsd.conf
index f0c047a69..82552f90d 100644
--- a/package/base/devfsd/devfsd.conf
+++ b/package/base/devfsd/devfsd.conf
@@ -27,6 +27,10 @@ devfsd_postmake()
 	cp -vf $confdir/devfsd.conf.data $root/etc/devfsd.conf
 	mkdir -p $root/etc/devfsd.d
 
+	mkdir -p $root/usr/lib/devfsd
+	cp -vf $confdir/cdrom_register.sh $root/usr/lib/devfsd/
+	chmod 755 $root/usr/lib/devfsd/cdrom_register.sh
+
 	for x in $( cd $confdir ; echo devfsd_*.txt ) ; do
                 y="${x%.txt}"
 		file=/etc/devfsd.d/${y/devfsd_/}
diff --git a/package/base/devfsd/devfsd_hardware.txt b/package/base/devfsd/devfsd_hardware.txt
index 8424c579f..2c12d01a4 100644
--- a/package/base/devfsd/devfsd_hardware.txt
+++ b/package/base/devfsd/devfsd_hardware.txt
@@ -2,7 +2,7 @@
 # cd-rom
 
 # user/group and persmission for the cd and the corespondig generic device
-REGISTER ^(ide|scsi)/host[0-9]+/bus[0-9]+/target[0-9]+/lun[0-9]+/(cd|generic) PERMISSIONS root.users 0664
+REGISTER ^((ide|scsi)/.*)/(cd|generic)$ EXECUTE /usr/lib/devfsd/cdrom_register.sh $mntpnt \1 \3
 
 # handle the historic /dev/cdrom device always pointing to the first CD-ROM
 REGISTER    ^(cdroms/cdrom0)$ 	EXECUTE		ln -s /dev/\1 /dev/cdrom