Creating a jackuser group
Dan Williams
dcbw at redhat.com
Wed Feb 7 11:56:24 UTC 2007
On Tue, 2007-02-06 at 20:59 -0500, Bill Nottingham wrote:
> Anthony Green (green at redhat.com) said:
> > fedora-music-list hosted a thread[1] recently on making it easier to run
> > the jack-audio-connection-kit server. It's a bit of a mess right now
> > because users have to manually edit /etc/security/limits.conf before
> > anything will run.
> >
> > In order to clean things up, it was proposed that Fedora come
> > pre-installed with a jackuser entry in /etc/group, as well as including
> > the following in /etc/security/limits.conf...
> >
> > @jackuser - rtprio 20
> > @jackuser - memlock 131072
> >
> > Then users simply need to be added to the jackuser group in order to run
> > jackd and associated applications. I believe this models what other
> > distros are doing to support jack users.
>
> Well, it means any user you add can't be removed from the group, but...
> *shrug*. Still seems to be a hack.
>
> > So, if this sounds like a sane thing to do for Fedora 7, do I simply
> > file bugzilla issues against the setup and pam packages (which
> > own /etc/group and /etc/security/limits.conf respectively).
>
> You can *not* add users in setup; you break the transaction due to
> dependency loops. The group would need to be added attached to some
> other package.
Hmm; I wonder if there are better ways to do this. Debian/Ubuntu use
groups for networking stuff, and, for example, you can't talk to
NetworkManager unless you're in the 'netdev' group. Which is odd.
So lets think about the user experience here. If somebody installs an
app that uses Jack or requires realtime audio capabilities, what's the
failure mode if they're not in the 'rtaudio' group? How would they know
what to do to be able to do realtime audio? How do they get told that
they need to got to system-config-users, enter the root password, and
add themselves?
Just fixing up the lower layers and base permission scheme doesn't fix
the problem; we've got to think how it works vertically all down the
entire stack. About the last thing we want is a nice "Could not
initialize realtime audio" dialog in some app, which is par for the
course, but says _nothing_ about what failed, and how to fix it.
Dan
More information about the fedora-devel-list
mailing list