On Wed, 07 Jun 2006 23:30:44 +0200, Holger Levsen <debian@layer-acht.org> wrote:
On Friday 02 June 2006 12:32, Eduardo Marcel Macan wrote:AFAIK group audio is there for security, so that in a multiuser, networked environment random users are not able to open the microphone input remotely and listen to conversations taking place around the computer.in the default debian-installer install, the user which gets created at installation is added to the audio group. So you have audio and "that security" as new users per default are not added to the audio group.
But it is the wrong security model, as it does not fascilitate something like "xhost +local:", i.e. granting locally logged in users to use the sound device. I mean, what contrived use cases do we have where it is NOT okay for the user at the console to use /dev/dsp? I am talking about regular usage, not any real-time scheduling stuff. Mixing up the privilege to make sound with the privilege to use real-time scheduling is not what I want. I want _any_ user at the console to be able to make and record sound, but _only_ those in the audio group to do funky real-time scheduling stuff. I have to trust those people not to lock up my system. This needs to be adressed, as the current way of doing it is so annoying that it tempts too many users to subvert it altogether. A good security model is something _everybody_ keeps on. -- Herman Robak