[PlanetCCRMA] Modprobe question -- I think

wayne mrgirmm@radioactivecatfish.com
Tue Mar 29 15:41:01 2005

ahoy all...

  on the same thread i think, is there a way to only allow a certain group
id to utilize the realtime priority features?  right now i believe by
default any program can access the realtime capabilities... is this also
a PAM setting, or is it set somewhere else?

  thanks, wayne

----- Original Message -----
> On Tue, 2005-03-29 at 11:33, ken dawson chia wu wrote:
>> Hello,
>> I'm running the Planet FC2 distro on my laptop (a Dell 7500) with all
>> the audio
>> packages installed.  I use it at work as my audio-content player,
>> logging in
>> using ssh from my development behemoth and running sound apps through
>> the
>> built-in sound card and a pair of headphones.  Works great, with the
>> usual One
>> Single Caveat ...: I have to log into the laptop's console in order for
>> the
>> sound-rendering software to be able to access the sound card.
>> Back in ancient times, there was this notion of an "audio" group to
>> which users
>> could be added if they were trusted to do Reasonable Things with the
>> sound
>> system, and the concerned device nodes were created with the group
>> "audio"
>> having -rw- permissions.  This seems to have disappeared, but I would
>> like to
>> resurrect it for my purposes, because, honestly, I see leaving my system
>> with an
>> open login as more of a threat/nuisance than whatever perils I can
>> foresee from
>> allowing normal users to play sounds.
>> The problem is that the architecture of the FC2+ startup stuff has kind
>> of
>> outstripped my confident comprehension.  It used to suffice to modify
>> some
>> flavor of /etc/rc.d/... script to accomplish this sort of work-around,
>> but this
>> seems to no longer be the case.  I have the vague feeling that the
>> solution must
>> be in some clever incantation to be inserted into /etc/modprobe.conf,
>> but,
>> outside of the really quite explicit instructions certain ALSA-related
>> have listed, I can find no document which suggests how I might invent
>> this
>> incantation that I seek on my own from (sort of) first principles.
> Permissions for devices are handled through pam (Pluggable
> Authentication Modules). The file that controls that is:
>   /etc/security/console.perms
> ("man console.perms" for a bit more detail)
> You could create a new audio group and change the permissions for the
> relevant audio devices in that file (it controls the permissions for
> when a user is logged in at the console, but also what they revert to
> when the user logs out).
> -- Fernando
> _______________________________________________
> PlanetCCRMA mailing list
> PlanetCCRMA@ccrma.stanford.edu
> http://ccrma-mail.stanford.edu/mailman/listinfo/planetccrma