[arch-general] systemd sessions, su -l, and access to /dev/

MSal msal at tormail.org
Fri Nov 23 13:33:23 EST 2012

On Fri, Nov 23, 2012 at 11:20:31AM +0000, Fons Adriaensen wrote:
> On Fri, Nov 23, 2012 at 01:15:29AM +0300, MSal wrote:
> > Hello.
> > 
> > I asked about this in the forum. But it looks like this is a better
> > place to discuss systemd-related issues.
> > 
> > If I login to user1 or user2 then try to play audio which requires
> > access to /dev/snd/* , proper access to the logged in user is set by
> > the session and everything works correctly.
> > 
> > But, if I login to user1 then su to user2, audio wouldn't work because
> > access permissions are assigned to the session user only (user1).
> > 
> > Any idea how to fix this issue?
> This is not really systemd but logind meddling with device permissions
> to enforce its 'seat' and 'session' security scheme.

It's all a part of systemd.

> Quoting Tom G.:
>   A brute-force way to avoid all of that is to "mask" it. I.e., symlink
>   /etc/udev/rules.d/70-uaccess.rules to /dev/null.
> Then use udev to assign group rights on audio devices to the 'audio'
> group, make sure that users who need audio are members of that group,
> and things will work as you want.

I was hoping for a cleaner solution. Maybe group session support where
ACLs are applied on groups instead of users! Using ACLs for users only
and voiding the historical support for groups is hardly progress. Or
maybe I'm missing something.

70-uaccess.rules is not a backup file and AFAIK any modifications will
be overwritten in the next update.

I commented the line:
 SUBSYSTEM=="sound", TAG+="uaccess"
and re-added the audio group as a workaround for now.

More information about the arch-general mailing list