On Tue, Nov 18, 2008 at 01:46:44PM -0700, Michal Jaegermann wrote: > On Tue, Nov 18, 2008 at 03:12:58PM -0500, David A. De Graaf wrote: > > > > 1) Edit /etc/group, adding every user to group pulse-access, or at > > least every user that will be permitted to enjoy the sound system. > > Be sure to include root. > > pulse-access:x:495:root,dad,srd > > Why do you have include root? It has that access anyway by a virtue > of beeing root. > > I was adding users to a group pulse-rt but if you are starting > pulseaudio with '--system' then this will not make difference > accordingly to 'man pulseaudio'. If root is not included in group pulse-access, root isn't able to use aplay to make sound. In rc.local a system-wide pulseaudio daemon starts successfully, but the next line to play a sound fails to do so. After login, neither a root console nor a root xterm can play a sound. So, when there is a "system-wide" instance of pulseaudio running, unless a user is in group pulse-rt he cannot aplay a sound. This is consistent with the man page paragraph "Group pulse-access". > > > 2) To relax the restrictions that block users from using the sound > > system, create a new file, /etc/security/console.perms.d/80-sound.perms > > > > # define the sound device class > > <sound>=/dev/snd/* > > # permissions > > <console> 0666 <sound> 0666 > > I would probably made that into > > <console> 0664 <sound> 0664 root.pulse-access > Empirically, if I do that, neither root nor dad can ever aplay a sound. There are cases where the man page and the actual program seem to conflict. With the system-wide pulseaudio running, the command pulseaudio --kill fails to kill it, when run by either dad or root! When I tried to delicately amend the xfce initrc to use the --start option so that it would start only if none was running, eg, if test x"`which pulseaudio 2>/dev/null`" != x""; then ## pulseaudio -D & pulseaudio --start -D --log-target=syslog fi the program blithely ignored the existing instance and started up another. Thus I was compelled to edit out the entire startup phrase: ## if test x"`which pulseaudio 2>/dev/null`" != x""; then ## pulseaudio -D & ## fi There are hidden and secret rules beyond the mind of man to comprehend here. In my opinion, the security mavens have gone wild, and made a system that is nearly impossible for ordinary mortals to use. I have yet to learn of a security risk that justifies impairing the sound system to this degree. If the danger is that wiseguys will send obnoxious sound to someone else's machine, antisocial behaviour should provoke social response. If a colleague does it, tell him to stop. If an employee does it, fire him after the third offense. If your child does it, increase his allowance. -- David A. De Graaf DATIX, Inc. Hendersonville, NC dad@xxxxxxxx www.datix.us -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list