[systemd-devel] Automatic user ACL management

Mikhail Morfikov mmorfikov at gmail.com
Mon May 18 09:16:58 PDT 2015 

On Mon, 18 May 2015 17:38:33 +0200
Lennart Poettering <lennart at poettering.net> wrote:

> On Sun, 17.05.15 12:46, Mikhail Morfikov (mmorfikov at gmail.com) wrote:
> 
> > As you can read, for instance here
> > ( http://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/
> > ), logind, which is a part of systemd, can set permissions to some
> > devices for user sessions. There's also a vid showing how this kind
> > of behavior works in practice
> > ( https://www.youtube.com/watch?v=qcD4Qr5ldbI ). In short, if you
> > start, let's say, amarok, and you play some song, you will hear the
> > sound till you switch to another user or TTY where you have only the
> > login prompt. That's because the active session became inactive.
> > 
> > I know that you can simply add a user (or users) to a specific
> > group, in this case "audio", and that will 'fix' this issue, but
> > I'm wondering if there's another solution. What I really want is to
> > set some permissions for the process so it could use the sound card
> > all the time, even when all users have their sessions locked.
> > 
> > Is that possible? I'm asking because I often listen to the music
> > and I don't really need my monitor to be on most of the time, so I
> > just lock the screen. But when I lock the screen, the active
> > session becomes inactive and amarok stops playing. And yes, the
> > screen should be locked, and not just turned off.
> 
> To my knowledge GNOME runs the screen lock from the same session, and
> thus does not suffer by the problem...
> 
> Generally, making your process member of the "audio" group is the way
> to go, if you want to forego the per-session device access control
> logic logind implements. You can use /usr/bin/newgrp to join a group
> for some of your processes only.
> 
> Lennart
> 

Something is wrong. I did the following steps:

$ newgrp audio

In the log I have the following message:

May 18 18:02:19 morfikownia newgrp[80543]: user 'morfik' (login 'morfik' on pts/7) switched to group 'audio'

Then I started amarok (in the same terminal):

$ amarok
$ ps -eo user,group,args | grep amarok
morfik   audio    amarok

So it says the process has the audio group, but the sound disappears
when I switch to TTY, so nothing has changed. Should this happen, or am I
supposed to do something else in order to make it work?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150518/91cf229d/attachment-0001.sig>

More information about the systemd-devel mailing list