jackd/ dpkg-statoverride/ "audio" group question(s)
Just been tinkering with jackstart and findout out what suid bit means.
I think that the following would be a useful way to have audio software
that requires "root" privileges set up:
dpkg-statoverride --update --add root audio 4754 \
/usr/bin/jackstart
What this says is that each time the file /usr/bin/jackstart is
(re)installed, it should be set to owner root, group audio, and
permissions 4754. That permissions seems to result (and this is what I
wanted) in:
- 4 = suid bit
- 7 = rwx (owner, root)
- 5 = rx (group, audio)
- 4 = r (other)
(hoping I've got 'em right)
To me I think this makes sense. I add myself to group audio, and audio
applications as well (such as jackstart, with the dpkg-statoverride as
above).
Debian packaging policy
(usr/share/doc/debian-policy/policy.html/ch-files.html#s10.9) says to
have root.root and rwxr-xr-w perms. But in this case I am thinking that
(with suid bit), it is better to have an "audio" group and "other" only
readable.
Is this sensible or off base for a debian package?
Is there a policy for audio apps in this regard?
If applicable, this would also apply to ardour and many others I guess.
??
Hope that's not too many Qs for one email.
(BTW, Stefan, why does jackstart use "capabilities" (and therefore not
work with my kernel), and jackd I can use --realtime option and it
(seems to) works?)
thanks
zen
Reply to: