[LAU] systemd woes with jackd and its permissions (raspbian)
jajcus at jajcus.net
Mon Jan 28 15:42:01 CET 2019
On 28/01/2019 15.14, Brent Busby wrote:
> Jacek Konieczny <jajcus at jajcus.net> writes:
>> When using systemd to start the service, use systemd directives to set
>> the limits. systemd won't start PAM session for this service, so
>> /etc/security/limits.conf is not used.
> Which kind of defeats the purpose of PAM being a central configuration
> for all your machine's security policies, doesn't it?
PAM is not a central configuration for machine's security polices. It
has never been. PAM is just used for setting up user login sessions.
PAM has no relations to processes running with user credentials outside
of a login session and Jack server is not a service which necessarily
needs to be bound to a used session. Especially in an embedded scenario,
like a Raspberry Pi-based system.
Setting up a user-session via PAM is an overkill for a system-wide
daemon (and jack becomes such in this use case) and setting process
limits for such a daemon in through the init process is the best place
to do it.
> Someday soon, if Red Hat keeps taking Linux in this direction, every
> config file in /etc will be like this, vestigial remains of a time when
> Linux machines were setup similar to other UNIX systems, now no longer
> used by any facility on your machine. Hail, systemd!
Although some systemd based setups had problems with PAMs settings being
ignored in a user session, this is not the case.
Starting jackd from /etc/systemd/system unit is like starting it from
/etc/init.d script. PAM wouldn't be used there (unless someone forces it
through 'su -') even long time before systemd was a thing.
More information about the Linux-audio-user