[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What is the policy on audio group? and, proposal of a new group for the jack audio server

On 09/11/14 13:53, Kaj Ailomaa wrote:
> So, who determined that audio group will not be used as a default user
> group in Debian

As far as I know, nobody yet. Marco was expressing what he thinks should
happen in future, not what has happened already. I agree with his
opinion on this.

> and when you say eventually, do you mean Debian 9?

I think that would be a good timescale, yes.

Members of the audio group can play and record[1] audio via remote
logins, even when not physically present at the hardware. To me, that
doesn't seem consistent with a "least astonishment" policy for users of
a shared machine to have privacy from each other: if I have a private
conversation "in real life" while using a shared computer, and Bob has
an account on that computer but is not present or logged-in locally, it
doesn't seem desirable for Bob to be able to record my conversation.

On systems with infrastructure to adjust device ACLs during login, the
audio group is unnecessary for normal operation: when you log in
locally, the infrastructure can set the ACL to allow you to access the
audio device nodes, and when you log out, it can remove that ACL entry.

(One of the things systemd-logind does is that it is one implementation
of that infrastructure; I think ConsoleKit was another.)

As far as I'm aware, if a sysadmin wants to designate privileged users
who can play and record audio without being logged-in locally, they can
still add those users to the audio group.


[1] assuming a microphone is present; this has not traditionally been
the case on desktop- or tower-style PCs, but many laptops do have a
built-in microphone, and not all have a mute button or LED for it

Reply to: