Re: Recently sound does not play as root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 20 Mar 2023 17:22:57 +1100
Eyal Lebedinsky <fedora@xxxxxxxxxxxxxx> wrote:

> Fedora 36 up-to-date.
> 
> $ uname -a
> Linux e4.eyal.emu.id.au 6.1.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC
> Fri Mar  3 17:22:46 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
> 
> I have a script running as root (using sudo) and in it I play a sound
> 	paplay /audio/ogg/beginning.ogg
> and it always worked.

I think this should work, if the user that you are sudoing from is the
first user to log into the system.  I notice that if I log in (now with
pipewire as the sound server), and then login as another user, that new
user has no access to sound.  This is by design for security reasons.
But, I think the logic should be, if you sudo from the user who has
sound, the ability to use sound should transfer.  You aren't becoming
root, you are just temporarily gaining the powers of root as a user,
and there doesn't seem to be a security hole if you continue to use
sound, as it is still you.

But, I just tried it, playing a video with mplayer.  And the video
worked, but the sound didn't.  My guess is that this used to be a
loophole in the sound restriction logic, and someone patched it
recently, because they disagree that sudo should be able to play sound
in the scenario above.

> Is there a simple way to allow playing sounds in this context?

I don't know if pipewire continued the practice, but it used to be
possible to start pulseaudio as a sound server that everyone could
access, rather than as a service restricted to a single user.  When
started as a server, every user logged in had access to sound.  It was
a configuration setting, so you should look in the pipewire
documentation to see if it is also possible with pipewire.

Maybe it is the same solution that Roberto recommended.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux