[linux-audio-user] running jack as non-root?

Jack O'Quin joq at io.com
Sat Feb 28 09:07:53 EST 2004


Hasse Hagen Johansen <hhj at musikcheck.dk> writes:

> >>>>> "Arnold" == Arnold Krille <arnold at arnoldarts.de> writes:
> 
>     Arnold> Apart from other "official" solutions I did set the suid
>     Arnold> flag on all the binaries I need and changed the group to
>     Arnold> audio (and let others not execute the bins)...
> 
>     Arnold> That way I can have excellent latency times while still
>     Arnold> being my normal user.
> 
> I actually thought of that earlier. It is possibly one of the easiest
> solutions.

Maybe the easiest, but probably also the least secure.  

From a security perspective it is better to login as root than to use
setuid.  Then at least, the person running untrusted code with
super-powers has to know the root password.  His judgement may be in
question, but his authority is not.  :-)

> I just started the thread to hear about how people did get realtime
> CAp as a normal user.....I think it actually makes sense to make an
> audio group...could also set the permissions on the audio devices etc.

The `audio' group is a good idea, and has standard support in both
Gentoo and Debian.  I'm not sure about other distributions, but it is
easy to add this group yourself if it's not already defined.

Sadly, Linux development remains quite disorganized when it comes to
realtime privileges.  I wish there were a simple answer to your
question.

My feeling is that the best available approach is granting realtime
privileges based on membership in this group.  With 2.4 kernels that
requires a kernel patch.  Several have been posted in the past, but
AFAIK none are actively maintained.

For 2.6 kernels, there is a dynamically-installable Linux Security
Module[1] originally written by Torben Hohn, later modified and
packaged by me.  Although still experimental, I support it and intend
to make it an official project.  It does not require any kernel
patches, but you do need kernel sources to build it.  This LSM grants
realtime privileges based on several user-controlled options[2].

  [1] http://www.joq.us/realtime
  [2] http://www.joq.us/realtime/README

The option I recommend and use is `gid=29', which grants realtime
privileges to any process belonging to the Debian `audio' group.
Adding a user ID to this group grants access to both the audio device
and to the necessary realtime privileges.
-- 
  joq
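
Added example, not part of the original message or of the realtime LSM: a shell function that audits a directory for the setuid-plus-group arrangement described in the quoted text, so it can be found and removed once privileges are granted by group membership instead. The name `find_suid_for_group` and its output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list setuid executables that belong to one group,
# i.e. the "suid flag + chgrp audio + no execute for others" setup.
# find_suid_for_group is a hypothetical helper name.

# usage: find_suid_for_group DIR GROUP
# Prints one line per match: "<path> owner=<user> others_exec=<yes|no>"
find_suid_for_group() {
    dir=$1
    group=$2
    # -perm -4000 selects files with the setuid bit set;
    # -group restricts matches to the given group name or numeric gid.
    find "$dir" -xdev -type f -perm -4000 -group "$group" 2>/dev/null |
    while IFS= read -r path; do
        listing=$(ls -ld "$path")
        # First 10 characters are the mode string, e.g. -rwsr-x---
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        # Last mode character is the execute bit for "others"
        # (x, or t when the sticky bit is also set).
        case $mode in
            *[xt]) others=yes ;;
            *)     others=no ;;
        esac
        printf '%s owner=%s others_exec=%s\n' "$path" "$owner" "$others"
    done
}

# Run directly as: sh audit.sh /usr/bin audio
if [ "$#" -eq 2 ]; then
    find_suid_for_group "$1" "$2"
fi
```

A match with `owner=root` is a binary that runs with full root privileges for every member of the group; `others_exec=yes` means it does so for every local user.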


