Re: Bug#821424: pulseaudio: Do not put normal users on group audio



On Tue, 2016-04-19 at 06:07 +0200, Christian PERRIER wrote:
> Control: reassign -1 user-setup
> 
> Quoting Felipe Sateler (fsateler@debian.org):
> > Control: reassign -1 debian-installer
> > 
> > On 18 April 2016 at 13:06, Corcodel Marian <asu@marian1000.go.ro>
> > wrote:
> > 
> > > Any way pulseaudio is default sound server on debian and suggest
> > > to do not put users on audio group because cross interference with
> > > alsa programs, now alsa is for power users and pulseaudio is on
> > > default.
> > 
> > Pulseaudio does not add the user to the audio group. I'm guessing
> > the installer does, so I reassign there.
> 
> Adding the *first created* user to so-called "useful" groups is done
> by user-setup.
> 
> We'll need a detailed explanation about why this shouldn't be done
> anymore, including all possible use cases of the installer.

I don't know where you get this 'all possible use cases of the
installer' from.  Adding the first user to device access groups only
ever made sense for single-user desktop/mobile systems.  The installer
doesn't make device access work automagically for other local users of
multi-user desktop/mobile systems, nor does it do the right thing for
servers - where the first user is likely to be a remote admin (and
often one of a team of admins who should have the same privileges).

systemd installs udev rules (/lib/udev/rules.d/70-uaccess.rules) that
add the 'uaccess' tag to many kinds of devices.  systemd-logind then
adds locally logged-in users to the ACLs for the corresponding device
nodes.  This makes all or most of the groups for local device access
redundant.

I've done a quick test of removing myself from the device access groups
on a current GNOME desktop, with these results:

- audio:      redundant, I'm on the ACL for /dev/snd/*
- cdrom:      redundant, I'm on the ACL for /dev/sr0
- floppy:     unknown, but expect this to work like cdrom
- video:      redundant, I'm on the ACL for /dev/video0
- plugdev:    redundant, I'm on the ACL for /dev/bus/usb/002/006
- netdev:     redundant, I'm on the ACL for /dev/rfkill
- scanner:    redundant, I'm on the ACL for /dev/sg2
- bluetooth:  unknown, seems broken whether or not I'm a member of the group

The other groups (dip, debian-tor, lpadmin, sudo) make more sense,
though CUPS should probably be changed to treat sudo like lpadmin.

Ben.

-- 
Ben Hutchings
Usenet is essentially a HUGE group of people passing notes in class.
                      - Rachel Kadel, `A Quick Guide to Newsgroup Etiquette'
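
The check described in the message above (is a device-access group redundant because the user is already on the node's ACL?), as an added example that is not part of the original message. It assumes `getfacl -p` output on stdin; the function names, the user alice and the sample ACL text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# classify_access USER "GROUP1 GROUP2 ..."   (reads getfacl -p output on stdin)
# Prints "<path> <source>" for each device node, where source is:
#   acl   - only a named-user ACL entry grants access (group not needed)
#   group - only group membership grants access (group still required)
#   both  - ACL and group both grant access (group is redundant)
#   none  - neither grants access
# Assumptions: "access" means effective read+write; owner/other entries are ignored.
classify_access() {
    awk -v user="$1" -v grps="$2" '
    # Named-user and group entries are limited by the mask entry, if present.
    function ok(p) { return p ~ /^rw/ && (mask == "" || mask ~ /^rw/) }
    function report(   i, a, v, src) {
        if (path == "") return
        a = ok(uperm)
        for (i = 1; i <= ng; i++) if (ok(gperm[i])) v = 1
        src = (a && v) ? "both" : (a ? "acl" : (v ? "group" : "none"))
        print path, src
    }
    BEGIN { n = split(grps, names, " "); for (i = 1; i <= n; i++) member[names[i]] = 1 }
    /^# file: /  { report(); sub(/^# file: /, ""); path = $0
                   owner_grp = ""; mask = ""; uperm = ""; ng = 0; next }
    /^# group: / { owner_grp = $3; next }
    /^mask::/    { split($0, f, ":"); mask = substr(f[3], 1, 3); next }
    /^user:/     { split($0, f, ":"); if (f[2] == user) uperm = substr(f[3], 1, 3); next }
    /^group:/    { split($0, f, ":"); name = (f[2] == "" ? owner_grp : f[2])
                   if (name in member) gperm[++ng] = substr(f[3], 1, 3); next }
    END { report() }'
}

# Constructed sample: one node carrying a named-user ACL entry for alice,
# and one node with only the traditional owner/group/other permissions.
sample_acl() {
    cat <<'EOF'
# file: /dev/snd/controlC0
# owner: root
# group: audio
user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::---

# file: /dev/sr0
# owner: root
# group: cdrom
user::rw-
group::rw-
other::---
EOF
}

sample_acl | classify_access alice "alice cdrom"
```

On a live system the equivalent call would be `getfacl -p /dev/snd/* | classify_access "$USER" "$(id -Gn)"`.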