TheAudioGroup
|
Size: 2180
Comment:
|
Size: 2180
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 11: | Line 11: |
| * When you're running an old, now unsupported version of Ubuntu which does not have proper console-kit integration (TODO: Look up and specify which versions of Ubuntu that is.) | * When you're running an old, now unsupported version of Ubuntu which does not have proper !ConsoleKit integration (TODO: Look up and specify which versions of Ubuntu that is.) |
The short version
For most common usecases, no user should ever be in the audio group.
Being in the audio group is the same as having selected "use audio devices" under "User administration" -> "Advanced" -> "Privileges". In other words, this checkbox should not be checked.
Exceptions
- When you want a user to be able to access a soundcard even if he is not logged in.
- When you're running a system-wide daemon that is never logged in but still needs sound card access
When you're running an old, now unsupported version of Ubuntu which does not have proper ConsoleKit integration (TODO: Look up and specify which versions of Ubuntu that is.)
Implications
If you decide you want the user to be in the Audio group, you should know that this user can access the sound card even if he is not logged in. And at the lowest level, only one user/application can grab access to the sound card at the same time.
So assume, for example, that user A is in the audio group is logged in, and is playing music. User B wants the computer temporarily, so they switch users (via fast-user-switching, without user A logging out). Since A can still use the sound card, A's music will continue to play and user B can't access the sound card (regardless of whether B is in the audio group or not).
Or assume that B is sitting in front of the computer, not using the sound card at the moment. A, who is in the audio group, logs in remotely, and can now grab access to the sound card. Should A decide to do so, this means that B suddenly cannot play audio anymore while A is using it. A can also record from the sound cards inputs, so if the machine e g has a built-in microphone, A could in a sense "spy" on B.
Why
The ConsoleKit daemon automatically handles that the current logged in user gets access to the audio device. It does so by setting access to the sound device nodes (i e everything under /dev/snd/* ). You can verify that by downloading the acl package, then running the "getfacl /dev/snd/* " terminal command, it should list the current logged in user as having read and write access.
Audio/TheAudioGroup (last edited 2013-01-17 13:19:34 by hd9483857)