[pulseaudio-discuss] Pulseaudio runs as mpd user after login

Colin Guthrie gmane at colin.guthr.ie
Fri Jul 22 02:37:46 PDT 2011

'Twas brillig, and Maystar at web.de at 22/07/11 10:00 did gyre and gimble:
> Btw: I've just seen that the mpd user is just in the pulse-access group
> and not in the audio group. Are these groups equivalent?

Not really equivalent no, but somewhat related.

PA can be run in two modes: per-user (strongly recommended by us) or
system wide (strongly discouraged by us).

System wide mode allows one PA daemon to be run on the system and then
each user (mpd, you, guest user) to access that one daemon
simultaneously. The "authentication" used here is membership of the
pulse-access group. i.e. if you are in that group you can talk to the
system-wide PA.

System wide mode has a number of disadvantages, including the lack of
SHM support meaning much more overhead to copy audio data from client
applications to the server, lack of loading modules as needed (which can
affect hotplug and bluetooth support) and various other issues.

Per-user is the recommended way. Each user runs their own PA daemon and
the systems in place beneath us (udev, console kit etc.) take care of
tracking user logins and assign rights to the "active" user on various
bits of hardware via file system ACLs. The per-user PA daemons listen to
all this and respect what the system tells us about when we are and are
not allowed to access the sound system. This facilitates seamless user
switching with graceful handover of control of the audio devices (and we
can even push "pause" events up to e.g. media players when this
happens). It can also reduce overhead (due to SHM) and hotplugging and
other nice things such as bluetooth support, seamless network support
etc. all work nicely. In this setup, the pulse-access group means nothing.

The audio group is lower level. The sound device nodes (in the /dev/snd/
path) are generally group owned by audio. You should not under normal
circumstances have to care about the audio group at all. It's only
really used for special cases like this.

You will notice that when you are an active user, the devices in
/dev/snd/ will have a little + next to them in the ls -l output that
indicates they have an ACL. You can read this via e.g getfacl
/dev/snd/pcm* It will show you that your user specifically is allowed to
access the sound node. If you were to fast user switch, this ACL would

By adding yourself to the audio group you bypass the need for this ACL
to grant you access to the sound device and thus you can access it at
all times, even when you do not have an active session. This allows MPD
to work fine.

Hope that explains things a little.



Colin Guthrie

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]

More information about the pulseaudio-discuss mailing list