[linux-audio-dev] Re: linux-audio-dev Digest, Vol 2, Issue 24
Jack O'Quin
joq at io.com
Tue Nov 18 03:59:11 UTC 2003
martin rumori <ptiger at gmx.de> writes:
> > > Also, 0 is a valid group ID, `root', which might be a reasonable
> > > choice if groups like `audio' and `realtime' are undefined. How about
> > > using -1, instead? Or, maybe `nogroup' (65534 on my system).
> >
> > Yes, probably "nogroup" is the best option. I think it is "nobody" in my
> > system - so we cannot rely on the same name either... yuck...
>
> i think it would be safer to use 0, which means root (and is kinda
> senseless) as default. granting realtime privileges to everybody is
> exactly what we don't want... and it's likely to do that by accident
> when having this as a default.
>
> or did i miss the meaning of "nogroup"? i ever thought that this is
> the group for users which are granted really NOTHING...

Nando's original suggestion was to use 0 for allowing access to
everybody. I felt that group `root' (gid 0) was a useful value, so I
suggested some different code point possibilities for "everybody". I
actually prefer -1, since that is not a valid group number.

But, I also mentioned `nogroup' (65534) as a possibility (`nobody' on
some systems). Some daemons actually run with this group to avoid
gaining access to real groups. So, I don't think it a very good idea.

I agree that 0 should be the default. It exists on every system and
is rather restrictive, so people won't accidentally grant more access
than they intended.

To summarize, my proposal is:

  sysctl -w kernel/realtime=0         # disable realtime privileges

  sysctl -w kernel/realtime=1         # enable realtime privileges
                                      # for `root' group

  sysctl -w kernel/realtime=1         # enable realtime privileges
  sysctl -w kernel/realtimegroup=-1   # for every process

  sysctl -w kernel/realtime=1         # enable realtime privileges
  sysctl -w kernel/realtimegroup=29   # for `audio' group

Only root can write these variables. If possible, let's agree on a
standard gid to use for group `realtime', there isn't one now.
--
joq
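
Added example, not part of the original message and not the kernel code under discussion: a user-space C model of the access decision the proposal describes, with -1 as the "every process" value and gid 0 as the restrictive default. The struct and function names, the rejection of values below -1, and the membership rule (effective gid or any supplementary group) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define RT_ANY_GROUP (-1L)   /* the proposal's "every process" value; not a valid gid */

struct rt_policy { int enabled; long group; };   /* models realtime, realtimegroup */
struct proc_cred { long egid; const long *groups; size_t ngroups; };

/* Assumed validation: accept only -1 or a non-negative gid. */
bool rt_set_group(struct rt_policy *p, long value)
{
    if (value < RT_ANY_GROUP)
        return false;        /* policy left unchanged */
    p->group = value;
    return true;
}

/* Assumed membership rule: effective gid or any supplementary group. */
static bool in_group(const struct proc_cred *c, long gid)
{
    if (c->egid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

bool rt_allowed(const struct rt_policy *p, const struct proc_cred *c)
{
    if (!p->enabled)
        return false;                 /* realtime=0: nobody */
    if (p->group == RT_ANY_GROUP)
        return true;                  /* realtimegroup=-1: every process */
    return in_group(c, p->group);     /* a real gid, including the default 0 */
}

int main(void)
{
    const long audio[] = { 29 };                    /* constructed sample credentials */
    struct proc_cred user = { 1000, audio, 1 };     /* member of `audio' */
    struct proc_cred daemon = { 65534, NULL, 0 };   /* runs as `nogroup' */
    struct rt_policy pol = { 1, 0 };                /* enabled, default group 0 */

    printf("gid 0:  user=%d daemon=%d\n", rt_allowed(&pol, &user), rt_allowed(&pol, &daemon));
    rt_set_group(&pol, 29);
    printf("gid 29: user=%d daemon=%d\n", rt_allowed(&pol, &user), rt_allowed(&pol, &daemon));
    rt_set_group(&pol, RT_ANY_GROUP);
    printf("gid -1: user=%d daemon=%d\n", rt_allowed(&pol, &user), rt_allowed(&pol, &daemon));
    return 0;
}
```

Because 65534 is treated as an ordinary gid here, setting the group to 65534 admits only processes that really run as `nogroup', which is why it cannot double as the "everybody" value.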