[linux-audio-dev] Re: linux-audio-dev Digest, Vol 2, Issue 24

Jack O'Quin joq at io.com
Tue Nov 18 03:59:11 UTC 2003


martin rumori <ptiger at gmx.de> writes:

> > > Also, 0 is a valid group ID, `root', which might be a reasonable
> > > choice if groups like `audio' and `realtime' are undefined.  How about
> > > using -1, instead?  Or, maybe `nogroup' (65534 on my system).
> > 
> > Yes, probably "nogroup" is the best option. I think it is "nobody" in my
> > system - so we cannot rely on the same name either... yuck...
> 
> i think it would be safer to use 0, which means root (and is kinda
> senseless) as default.  granting realtime privileges to everybody is
> exactly what we don't want...  and it's likely to do that by accident
> when having this as a default.
> 
> or did i miss the meaning of "nogroup"?  i ever thought that this is
> the group for users which are granted really NOTHING...

Nando's original suggestion was to use 0 for allowing access to
everybody.  I felt that group `root' (gid 0) was a useful value, so I
suggested some different code point possibilities for "everybody".  I
actually prefer -1, since that is not a valid group number.

But, I also mentioned `nogroup' (65534) as a possibility (`nobody' on
some systems).  Some daemons actually run with this group to avoid
gaining access to real groups.  So, I don't think it a very good idea.

I agree that 0 should be the default.  It exists on every system and
is rather restrictive, so people won't accidentally grant more access
than they intended.

To summarize, my proposal is:

  sysctl -w kernel/realtime=0           # disable realtime privileges

  sysctl -w kernel/realtime=1           # enable realtime privileges
                                        #   for `root' group

  sysctl -w kernel/realtime=1           # enable realtime privileges
  sysctl -w kernel/realtimegroup=-1     #   for every process

  sysctl -w kernel/realtime=1           # enable realtime privileges
  sysctl -w kernel/realtimegroup=29     #   for `audio' group

Only root can write these variables.  If possible, let's agree on a
standard gid to use for group `realtime'; there isn't one now.
-- 
  joq
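
The semantics proposed in the message above, modelled as an added example (not part of the original post and not code from any kernel patch). The struct, function and constant names are hypothetical, and matching on the effective gid or any supplementary gid is an assumption; gids other than 0, 29 and 65534 are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define RT_ANY_GROUP (-1L)  /* sentinel from the proposal: not a valid gid */

/* Hypothetical model of the two proposed sysctl variables. */
struct rt_policy {
    int  enabled;        /* kernel/realtime: 0 = disabled, 1 = enabled */
    long realtimegroup;  /* kernel/realtimegroup: a gid, or -1 for every process */
};

/* Default group from the message: 0 (`root'), the restrictive choice. */
static const struct rt_policy RT_DEFAULT = { 0, 0 };

/* Assumption: a process qualifies when its effective gid or one of its
 * supplementary gids equals realtimegroup. */
bool rt_allowed(const struct rt_policy *p, long egid,
                const long *groups, size_t ngroups)
{
    if (!p->enabled)
        return false;                 /* realtime=0 overrides any group setting */
    if (p->realtimegroup == RT_ANY_GROUP)
        return true;                  /* -1 can never collide with a real group */
    if (egid == p->realtimegroup)
        return true;
    for (size_t i = 0; i < ngroups; i++)
        if (groups[i] == p->realtimegroup)
            return true;
    return false;
}

int main(void)
{
    const long user_groups[] = { 1000, 29 };  /* constructed: user in `audio' */
    struct rt_policy p = RT_DEFAULT;

    p.enabled = 1;                            /* realtime=1, group left at 0 */
    printf("default group 0:  %d\n", rt_allowed(&p, 1000, user_groups, 2));
    p.realtimegroup = 29;                     /* `audio' */
    printf("group 29:         %d\n", rt_allowed(&p, 1000, user_groups, 2));
    p.realtimegroup = RT_ANY_GROUP;           /* every process */
    printf("group -1:         %d\n", rt_allowed(&p, 1000, user_groups, 2));
    p.realtimegroup = 65534;                  /* `nogroup' is a real gid: it   */
    printf("nogroup daemon:   %d\n",          /* matches daemons, not everyone */
           rt_allowed(&p, 65534, NULL, 0));
    return 0;
}
```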


