[systemd-devel] Automatic user ACL management

Reindl Harald h.reindl at thelounge.net
Sun May 17 05:29:15 PDT 2015

Am 17.05.2015 um 14:20 schrieb Mikhail Morfikov:
> On Sun, 17 May 2015 12:55:18 +0200
> Reindl Harald <h.reindl at thelounge.net> wrote:
>> Am 17.05.2015 um 12:46 schrieb Mikhail Morfikov:
>>> Is that possible? I'm asking because I often listen to the music
>>> and I don't really need my monitor to be on most of the time, so I
>>> just lock the screen. But when I lock the screen, the active
>>> session becomes inactive and amarok stops playing. And yes, the
>>> screen should be locked, and not just turned off
>> that's a pulseaudio problem and if you run pulsed as system-wide
>> audio is indepdendent of sessions and you may want to look at MPD
>> which can even start playing music after power on the machine without
>> login
> I see, I've read this article:
> http://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/SystemWide/
> and I've changed the pulseaudio config file a little bit:
> allow-module-loading = no
> allow-exit = no
> system-instance = yes
> enable-shm = no
> exit-idle-time = -20
> then I started pulseaudio in the system mode and I was able to play
> sound all the time. But there's another question -- is there any
> difference between pulseaudio in system mode and pulseaudio in user
> mode + adding specific users to the "audio" group? I mean in the link I
> had given in the previous post, you can read something like this: "By
> the way, you don't want users permanently added to groups like audio or
> video. Such user would be able to ssh into the machine while you are
> using it and spy on you using webcam, microphone etc. Access to such
> critical peripherals should only be granted for active user." Does this
> concern pulseaudio in the system mode with users added to the
> pulse-access group?

well, the real question is

* do you have a webcam or microphone
* do you have other users which are allowed to use ssh

i don't have any of them and so there is no point in secure my audio 
output to fore me login in a grapical session and lose music at logout

MPD is running 365/24/7 and even if a different user is logged in he is 
allowed to listen to music on the connected HiFi and connect with a mpd 
client to switch it - 95% of all systems out there are fine with that 
and the defaults are for the remaining 5%

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150517/6dc4899a/attachment.sig>

More information about the systemd-devel mailing list