Re: What is the policy on audio group? and, proposal of a new group for the jack audio server

To: debian-devel@lists.debian.org
Subject: Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
From: Simon McVittie <smcv@debian.org>
Date: Sun, 09 Nov 2014 23:54:53 +0000
Message-id: <[🔎] 545FFECD.4050900@debian.org>
In-reply-to: <[🔎] 20141109233411.GA10021@sx.local>
References: <1414358356.2467889.183498341.324FEA2B@webmail.messagingengine.com> <20141026223629.GA9326@bongo.bofh.it> <1414374505.2513381.183566945.6474339C@webmail.messagingengine.com> <20141027015800.GA26643@bongo.bofh.it> <[🔎] 1415541225.645217.188812509.7715A40D@webmail.messagingengine.com> <[🔎] 545F7B52.2090401@debian.org> <[🔎] 20141109151954.GA17524@angband.pl> <[🔎] 545F8FF1.20106@ralfj.de> <[🔎] 20141109233411.GA10021@sx.local>

On 09/11/14 23:34, Christian Hofstaedtler wrote:
>>> On the other hand, it would break typical uses of using sound remotely.
>>
>> This usually happens via UPnP or similar, though - the actual audio is
>> ultimately done by a local user. So the audio group is unrelated to this
>> usecase.
> 
> It very much is, because those users are usually daemon users that
> are not logged in through a session manager, and thereby don't get
> access granted by PolicyKit (or equiv).

Fine, put those daemon users in the audio group - in their packages'
postinst scripts, if necessary. I'm not saying that the audio group
should be abolished, only that "normal user" accounts (as created by
d-i, gnome-control-center, etc.) should ideally not be members of it.

FYI, PolicyKit is not actually relevant here: the actual access control
for (most uses of) the audio group is done by the kernel, when an
application running as the target user (often something like PulseAudio
or JACK, rather than the actual user-facing application) tries to open
the audio device nodes. systemd-logind implements "locally-logged-in
users may use audio devices" by setting ACLs on the device nodes for
those users:

% getfacl /dev/snd/pcmC0D0p
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/pcmC0D0p
# owner: root
# group: audio
user::rw-
user:smcv:rw-
group::rw-
mask::rw-
other::---

(In this case, smcv is the only locally-logged-in user.)

    S

Reply to:

Follow-Ups:
- Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
  - From: Christian Hofstaedtler <zeha@debian.org>

References:
- Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
  - From: Kaj Ailomaa <zequence@mousike.me>
- Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
  - From: Simon McVittie <smcv@debian.org>
- Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
  - From: Ralf Jung <post@ralfj.de>
- Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
  - From: Christian Hofstaedtler <zeha@debian.org>

Prev by Date: Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936
Next by Date: Re: inconsistent versions of M-A: same packages
Previous by thread: Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
Next by thread: Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
Index(es):
- Date
- Thread