Controlling access to the device node

Red Hat Enterprise Linux 9.2 LPAR mode z/VM guest KVM guest

Red Hat® Enterprise Linux® by default assigns access mode 0644 to /dev/prandom.

To restrict access to the device node to root users, add the following udev rule. It prevents non-root users from reading random numbers from /dev/prandom.
               KERNEL=="prandom", MODE="0600", OPTIONS="last_rule"
If access to the device is restricted to root, add the following udev rule. It automatically extends access to the device to other users.
               KERNEL=="prandom", MODE="0644", OPTIONS="last_rule"