On Sat, Nov 24, 2012 at 07:00:10PM +0100, Tom Gundersen wrote:
On Nov 23, 2012 12:21 AM, "MSal" <msal@tormail.org> wrote:
I asked about this in the forum. But it looks like this is a better place to discuss systemd-related issues.
If I login to user1 or user2 then try to play audio which requires access to /dev/snd/* , proper access to the logged in user is set by the session and everything works correctly.
But, if I login to user1 then su to user2, audio wouldn't work because access permissions are assigned to the session user only (user1).
Any idea how to fix this issue?
Could you elaborate a bit on what you are trying to do? (there might be a better way without using 'su'.
The behaviour you are getting is by design, so there is nothing really to fix. However, you can of course make the system behave the way you want:
Either, assign your devices to the audio group and the same with your users.
.....
Or add systemd_pam to the su pam file. This will create a new session for you when you use su and should therefore adjust the ACLs accordingly.
pam_systemd is exactly what I was looking for. It works with systemd's/logind's upstream behaviour instead of working around it. For reference, I added the following 2 lines to both /etc/pam.d/su{,-l} as I want a unified behaviour for all su invocations. Both files are backup which is an added plus: session required pam_loginuid.so session required pam_systemd.so kill-session-processes=1 Warning: This will break su in already-open sessions. Note: "pam_loginuid.so" is an absolute requirement for this use-case not just a recommendation. Check out `man 8 pam_systemd` and `man 8 pam_loginuid` for more info.