[linux-audio-user] running jack as non-root?

Hasse Hagen Johansen hhj at musikcheck.dk
Sat Feb 28 09:50:12 EST 2004


>>>>> "Jack" == Jack O'Quin <joq at io.com> writes:

    Arnold> Apart from other "official" solutions I did set the suid
    Arnold> flag on all the binaries I need and changed the group to
    Arnold> audio (and let others not execute the bins)...
    >>
    Arnold> That way I can have excellent latency times while still
    Arnold> being my normal user.
    >>  I actually thought of that earlier. It is possibly one the
    >> easiest solutions.

    Jack> Maybe the easiest, but probably also the least secure.

Yes. I know :-)

    >> From a security perspective it is better to login as root than
    >> to use
    Jack> setuid.  Then at least, the person running untrusted code
    Jack> with super-powers has to know the root password.  His
    Jack> judgement may be in question, but his authority is not.  :-)

    >> I just started the thread to hear about how people did get
    >> realtime CAp as a normal user.....I think it actually makes
    >> sence to make an audio group...could also set the permissons on
    >> the audio devices etc.

    Jack> The `audio' group is a good idea, and has standard support
    Jack> in both Gentoo and Debian.  I'm not sure about other
    Jack> distributions, but it is easy to add this group yourself if
    Jack> it's not already defined.

    Jack> Sadly, Linux development remains quite disorganized when it
    Jack> comes to realtime privileges.  I wish there were a simple
    Jack> answer to your question.

    Jack> My feeling is that the best available approach is granting
    Jack> realtime privileges based on membership in this group.  With
    Jack> 2.4 kernels that requires a kernel patch.  Several have been
    Jack> posted in the past, but AFAIK none are actively maintained.

    Jack> For 2.6 kernels, there is a dynamically-installable Linux
    Jack> Security Module[1] originally written by Torben Hohn, later
    Jack> modified and packaged by me.  Although still experimental, I
    Jack> support it and intend to make it an official project.  It
    Jack> does not require any kernel patches, but you do need kernel
    Jack> sources to build it.  This LSM grants realtime privileges
    Jack> based on several user-controlled options[2].

    Jack>   [1] http://www.joq.us/realtime [2]
    Jack> http://www.joq.us/realtime/README

    Jack> The option I recommend and use is `gid=29', which grants
    Jack> realtime privileges to any process belonging to the Debian
    Jack> `audio' group.  Adding a user ID to this group grants access
    Jack> to both the audio device and to the necessary realtime
    Jack> privileges.  -- joq

Hmm. There is some discussion if the LSM is actually very secure. That
why RSBAC is not using/is implemented as an LSM, but of course there
is always discussions... and I cannot use 2.6.x kernels right now
because fo some promise raid drivers (Yeahh that was the wrong choice
should have used linux md instead)

I was actualy thinking about if I could use EA/ACL and/or rsbac or
grsecurity, for granting specific users running specific executables
the Realtime capability

/Hasse




More information about the Linux-audio-user mailing list