Re: jackd/ dpkg-statoverride/ "audio" group question(s)
On Tue, Oct 28, 2003 at 09:52:52PM +1100, Zenaan Harkness wrote:
> One method is jackd/ jackstart. jackd runs as root, jackstart starts it,
> and can be run as any user, and uses kernel "capabilities" to give jackd
> the required scheduling priority ("realitime").
Why on earth would a sound server run as root? I hope this is a
misunderstanding, as I'm not familiar with jack. In should either:
- Be started as root, set its scheduling priority, and drop all unneeded
privileges
- Be started as root, gain CAP_SYS_NICE to set its priority later, and drop
all unneeded privileges.
The former being preferable, if it does not need to change its priority
during its lifetime.
> On Mon, 2003-10-27 at 02:04, Stefan Schwandter wrote:
> > > (BTW, Stefan, why does jackstart use "capabilities" (and therefore not
> > > work with my kernel), and jackd I can use --realtime option and it
> > > (seems to) works?)
> >
> > With jackstart. you can run jackd and it's clients as non-root user -
> > only jackstart has to be setuid root, jackd need not. This has the
> > advantage that files recorded with a jack client like ardour aren't
> > owned by root, for example.
>
> Perhaps there is also some third option as underlined above - "use a
> privileged audio device user". Can this be explained to me, is it a
> new option or just one of the above two?
>
> Once this is hashed out, I'm sure the folks on debian-multimedia@ldo
> will be appreciative (and our future audio users, such as myself).
This is probably similar to what I said above. If jackd only needs
permissions to access the sound device, it should run as a user (jack or
such) who is a member of the audio group, and NOT as root.
--
- mdz
Reply to: