On Fri, Nov 23, 2012 at 11:20:31AM +0000, Fons Adriaensen wrote:
On Fri, Nov 23, 2012 at 01:15:29AM +0300, MSal wrote:
Hello.
I asked about this in the forum. But it looks like this is a better place to discuss systemd-related issues.
If I login to user1 or user2 then try to play audio which requires access to /dev/snd/* , proper access to the logged in user is set by the session and everything works correctly.
But, if I login to user1 then su to user2, audio wouldn't work because access permissions are assigned to the session user only (user1).
Any idea how to fix this issue?
This is not really systemd but logind meddling with device permissions to enforce its 'seat' and 'session' security scheme.
It's all a part of systemd.
Quoting Tom G.:
A brute-force way to avoid all of that is to "mask" it. I.e., symlink /etc/udev/rules.d/70-uaccess.rules to /dev/null.
Then use udev to assign group rights on audio devices to the 'audio' group, make sure that users who need audio are members of that group, and things will work as you want.
I was hoping for a cleaner solution. Maybe group session support where ACLs are applied on groups instead of users! Using ACLs for users only and voiding the historical support for groups is hardly progress. Or maybe I'm missing something. 70-uaccess.rules is not a backup file and AFAIK any modifications will be overwritten in the next update. I commented the line: SUBSYSTEM=="sound", TAG+="uaccess" and re-added the audio group as a workaround for now.