[systemd-devel] Automatic user ACL management

Lennart Poettering lennart at poettering.net
Mon May 18 08:38:33 PDT 2015

On Sun, 17.05.15 12:46, Mikhail Morfikov (mmorfikov at gmail.com) wrote:

> As you can read, for instance here
> ( http://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/
> ), logind, which is a part of systemd, can set permissions to some
> devices for user sessions. There's also a vid showing how this kind of
> behavior works in practice
> ( https://www.youtube.com/watch?v=qcD4Qr5ldbI ). In short, if you
> start, let's say, amarok, and you play some song, you will hear the
> sound till you switch to another user or TTY where you have only the
> login prompt. That's because the active session became inactive.
> I know that you can simply add a user (or users) to a specific group,
> in this case "audio", and that will 'fix' this issue, but I'm wondering
> if there's another solution. What I really want is to set some
> permissions for the process so it could use the sound card all the
> time, even when all users have their sessions locked.
> Is that possible? I'm asking because I often listen to the music and I
> don't really need my monitor to be on most of the time, so I just lock
> the screen. But when I lock the screen, the active session becomes
> inactive and amarok stops playing. And yes, the screen should be
> locked, and not just turned off.

To my knowledge GNOME runs the screen lock from the same session, and
thus does not suffer by the problem...

Generally, making your process member of the "audio" group is the way
to go, if you want to forego the per-session device access control
logic logind implements. You can use /usr/bin/newgrp to join a group
for some of your processes only.


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list