20 May
2010
20 May
'10
4:59 a.m.
On Wed, 19 May 2010, Fernando Lopez-Lezcano wrote:
I have always given access to realtime scheduling to
all users, so that
you don't need to do anything with group membership (the simplest out of
the box experience). That is, of course, not as secure as having a group
for that purpose (as someone will surely point out), but, well, it is
what I do at CCRMA. Anyone can use jack, anyone can mess up a computer
using it :-)
That's probably appropriate in your lab, where all users are
audio
users, but CCRMA@home might find other little fingers curiously poking
about...
Yes, the old 'security vs. convenience' tradeoff. I'm not knowledgable
enough to quantify the risks associated with jack and those associated
with raw1394. Would you want to give both to everybody? How would you go
about it? Fedora creates a group for each user, so there's no 'users'
group. Can a udev rule be written to chmod o+rw /dev/raw1394?
(shudder...) If you decide that even one item should be limited to group
access, then you need to remind the users to add themselves to that group,
and you might as well restrict the other resources to that group as well.
I should make it more clear that it is best to install the Planet CCRMA
jack package...
Yes, just a reminder to 'yum upgrade' after installing
the repositories.
--
Rick Green
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-Benjamin Franklin
"As for our common defense, we reject as false the choice between our
safety and our ideals."
-President Barack Obama 20 Jan 2009