[linux-audio-user] jack and setuid
Florian Schmidt
mista.tapas at gmx.net
Wed Nov 2 12:38:29 EST 2005
On Wed, 2 Nov 2005 14:25:45 +0100
conrad berhörster <conrad.berhoerster at gmx.de> wrote:
> Am Mittwoch, 2. November 2005 14:02 schrieb Paul Davis:
> thanks paul,
> > > bash-3.00# chmod ugo+s /usr/local/bin/jackd
> > > bash-3.00# exit
> > > bash-3.00$ ls -la /usr/local/bin/jackd
> > > -rwsr-sr-x 1 root root 206476 2005-11-01 15:23 /usr/local/bin/jackd
> >
> > this is a really, really, really bad thing to do.
> yes, i have read that, because of security. but don't know a better way.
>
> > there is no reason to
> > run jackd as root or set it up as setuid root. you should be using some
> > kernel-based technique that allows you to get realtime priviledges
> > without being root (capabilities on 2.4 kernels, realtime-lsm for 2.6.12
> > or lower, or the new rtlimits code for 2.6.13 or above).
> since i'm using 2.6.14 , you mean set_rtlimits from
> http://www.physics.adelaide.edu.au/~jwoithe/set_rtlimits-1.1.0.tgz ?
>
> but if i run jack as a user, there are no capture ports, and i have tons of
> xruns.
Just for completeness sake: You can use the realtime lsm for 2.6.13 and
above, too. I would even recommend it, since it's much less of a hassle
to setup (rt_limits being the "correct" solution or not).
Flo
--
Palimm Palimm!
http://tapas.affenbande.org
More information about the Linux-audio-user
mailing list