Re: [linux-audio-dev] Re: linux-audio-dev Digest, Vol 2, Issue 24


Subject: Re: [linux-audio-dev] Re: linux-audio-dev Digest, Vol 2, Issue 24
From: Jack O'Quin (joq_AT_io.com)
Date: Tue Nov 18 2003 - 05:59:11 EET


martin rumori <ptiger_AT_gmx.de> writes:

> > > Also, 0 is a valid group ID, `root', which might be a reasonable
> > > choice if groups like `audio' and `realtime' are undefined. How about
> > > using -1, instead? Or, maybe `nogroup' (65534 on my system).
> >
> > Yes, probably "nogroup" is the best option. I think it is "nobody" in my
> > system - so we cannot rely on the same name either... yuck...
>
> i think it would be safer to use 0, which means root (and is kinda
> senseless) as default. granting realtime privileges to everybody is
> exactly what we don't want... and it's likely to do that by accident
> when having this as a default.
>
> or did i miss the meaning of "nogroup"? i ever thought that this is
> the group for users which are granted really NOTHING...

Nando's original suggestion was to use 0 for allowing access to
everybody. I felt that group `root' (gid 0) was a useful value, so I
suggested some different code point possibilities for "everybody". I
actually prefer -1, since that is not a valid group number.

But, I also mentioned `nogroup' (65534) as a possibility (`nobody' on
some systems). Some daemons actually run with this group to avoid
gaining access to real groups. So, I don't think it a very good idea.

I agree that 0 should be the default. It exists on every system and
is rather restrictive, so people won't accidentally grant more access
than they intended.

To summarize, my proposal is:

  sysctl -w kernel/realtime=0 # disable realtime privileges

  sysctl -w kernel/realtime=1 # enable realtime privileges
                                        # for `root' group

  sysctl -w kernel/realtime=1 # enable realtime privileges
  sysctl -w kernel/realtimegroup=-1 # for every process

  sysctl -w kernel/realtime=1 # enable realtime privileges
  sysctl -w kernel/realtimegroup=29 # for `audio' group

Only root can write these variables. If possible, let's agree on a
standard gid to use for group `realtime'; there isn't one now.

-- 
  joq
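
The decision the proposed variables imply, as an added example that is not part of the original message or of any kernel patch: the struct and function names are hypothetical, and counting supplementary groups as membership is an assumption. It shows why the order of checks matters and how -1 is represented in an unsigned gid_t.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* -1 is not a valid group number; gid_t is unsigned on Linux, so the
 * "every process" sentinel is stored as the all-ones value. */
#define RT_GROUP_ANY ((gid_t)-1)

/* Hypothetical mirror of the two proposed sysctl variables. */
struct rt_policy {
    int   realtime;      /* kernel/realtime: 0 = disabled, 1 = enabled */
    gid_t realtimegroup; /* kernel/realtimegroup: default 0 (`root') */
};

/* Hypothetical view of a process's group credentials. */
struct rt_creds {
    gid_t        egid;
    const gid_t *groups; /* supplementary groups (assumed to count) */
    size_t       ngroups;
};

static bool in_group(const struct rt_creds *c, gid_t gid)
{
    if (c->egid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

bool rt_allowed(const struct rt_policy *p, const struct rt_creds *c)
{
    if (p->realtime == 0)                 /* master switch wins, even if */
        return false;                     /* realtimegroup is still -1   */
    if (p->realtimegroup == RT_GROUP_ANY) /* sentinel checked explicitly */
        return true;
    return in_group(c, p->realtimegroup);
}

int main(void)
{
    const gid_t groups[] = {29};          /* constructed sample process */
    struct rt_creds user = {1000, groups, 1};
    struct rt_policy def = {1, 0}, audio = {1, 29};
    printf("default=%d audio=%d\n", rt_allowed(&def, &user), rt_allowed(&audio, &user));
    return 0;
}
```

With the default group of 0, enabling realtime alone grants nothing to an ordinary user; a process running as `nogroup' (65534) is only admitted when realtimegroup is -1 or explicitly set to that gid.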



This archive was generated by hypermail 2b28 : Tue Nov 18 2003 - 05:57:37 EET