F10 on Asus N10J netbook

Wed Nov 19 17:07:35 UTC 2008

On Tue, Nov 18, 2008 at 01:46:44PM -0700, Michal Jaegermann wrote:
> On Tue, Nov 18, 2008 at 03:12:58PM -0500, David A. De Graaf wrote:
> > 
> > 1)  Edit /etc/group, adding every user to group pulse-access, or at
> > least every user that will be permitted to enjoy the sound system.
> > Be sure to include root.
> >     pulse-access:x:495:root,dad,srd
> 
> Why do you have include root?  It has that access anyway by a virtue
> of beeing root.
> 
> I was adding users to a group pulse-rt but if you are starting
> pulseaudio with '--system' then this will not make difference
> accordingly to 'man pulseaudio'.

If root is not included in group pulse-access, root isn't able to
use aplay to make sound.  In rc.local a system-wide pulseaudio daemon
starts successfully, but the next line to play a sound fails to do so.
After login, neither a root console nor a root xterm can play a sound.
So, when there is a "system-wide" instance of pulseaudio running,
unless a user is in group pulse-rt he cannot aplay a sound.
This is consistent with the man page paragraph "Group pulse-access".

> 
> > 2)  To relax the restrictions that block users from using the sound
> > system, create a new file, /etc/security/console.perms.d/80-sound.perms
> > 
> >     # define the sound device class
> >     <sound>=/dev/snd/*
> >     # permissions
> >     <console>  0666 <sound>    0666
> 
> I would probably made that into
> 
>       <console>  0664 <sound>    0664 root.pulse-access
> 

Empirically, if I do that, neither root nor dad can ever aplay a sound.

There are cases where the man page and the actual program seem
to conflict.  With the system-wide pulseaudio running, the command
    pulseaudio --kill
fails to kill it, when run by either dad or root!

When I tried to delicately amend the xfce initrc to use the --start
option so that it would start only if none was running, eg,
    if test x"`which pulseaudio 2>/dev/null`" != x""; then
    ##         pulseaudio -D &
           pulseaudio --start -D --log-target=syslog
    fi
the program blithely ignored the existing instance and started up
another.  Thus I was compelled to edit out the entire startup phrase:

    ##  if test x"`which pulseaudio 2>/dev/null`" != x""; then
    ##         pulseaudio -D &
    ##  fi

There are hidden and secret rules beyond the mind of man to comprehend
here.  In my opinion, the security mavens have gone wild, and made a
system that is nearly impossible for ordinary mortals to use.

I have yet to learn of a security risk that justifies impairing the
sound system to this degree.  If the danger is that wiseguys will send
obnoxious sound to someone else's machine, antisocial behaviour should
provoke social response.
If a colleague does it, tell him to stop.
If an employee does it, fire him after the third offense.
If your child does it, increase his allowance.

-- 
	David A. De Graaf    DATIX, Inc.    Hendersonville, NC
	dad at datix.us         www.datix.us