Re: [Jack-Devel] jack - audio group - package install

PrevNext  Index
DateTue, 24 Jan 2012 17:18:46 -0800
From Fernando Lopez-Lezcano <[hidden] at ccrma dot Stanford dot EDU>
ToFons Adriaensen <[hidden] at linuxaudio dot org>
Cc[hidden] at lists dot jackaudio dot org
In-Reply-ToFons Adriaensen Re: [Jack-Devel] jack - audio group - package install
Follow-UpFons Adriaensen Re: [Jack-Devel] jack - audio group - package install 
On 01/24/2012 03:26 PM, Fons Adriaensen wrote:
> On Tue, Jan 24, 2012 at 01:47:32PM -0800, Fernando Lopez-Lezcano wrote:
>
>> Ideally you install an extra package that has a suitable configuration
>> file and only users that login physically to the computer would be
>> granted rt access and only during the duration of the login (if users
>> are switched, permissions follow the currently active user, etc, etc).
>
> That would be IMHO not be the ideal but the worst solution.

I disagree. It would be ideal.

> A few things to consider:
[MUNCH]
> * What is wrong with real-time privileges anyway ? OSX grants them
> to all users. There are lots of other ways to create havoc anyway.
> Just pull out the power plug for example. And on any recent system
> you can't block a system by abusing RT.

I don't think there is anything wrong with RT privileges.

> * Security starts with awareness, and requires taking on individual
> responsability and knowing how to do that. Anything else is not
> security but just an illusion of it. If a user can't be bothered to
> add himself to the 'audio' group when told to do so by a post-install
> message, not even when his fancy desktop provides a dummy-aware app to
> do it and maybe it even pops up automagically, then let's accept that
> such a user is beyond repair and so be it. Why should anyone care about
> that, unless that anyone's aim is to ensure that that the user *remains*
> incompetent to take things into his/her own hands.

I try to give users (and that includes myself) the least amount of 
privileges that still allows them to do the work they need to do. 
Nothing less. Nothing more.

We could as well say there is no need for filesystem permissions or user 
accounts. We would just all login as root and share the system 
responsibly. And yes, it would work if all users sharing such a system 
were responsible and knowledgeable. I would not do that. It would only 
be a matter of time till I nuked the system :-)

If there is a way to give RT privileges to only the user sitting in 
front of the console and using the system I will use that. In my 
scenario it is the only user in that machine that needs that privilege. 
There is nothing wrong with the process being automatic and requiring no 
configuration.

 From the point of view of the user it makes no difference to do that, 
or give access to all users all the time. In both cases the work gets 
done. But universal access is not necessary to get the work done.

And I would not (and do not) set up this way, say, the Listening Room 
workstation that runs OpenMixer (and Jack) all the time with no users 
around.

-- Fernando
PrevNext  Index

1327454351.2143_0.ltw:2,a <4F1F5876.9080200 at localhost>