[opensuse] how to disable acl adding after logon on /dev/snd*
![](https://seccdn.libravatar.org/avatar/2b8d515d3bb87850b05af7ae62405a36.jpg?s=120&d=mm&r=g)
Hi Is there anyone, who know, how to disable adding acl rule for current user to /dev/snd/* after logon ? I want to use pulseaudio only and don't allow users to change volume levels, due to problematic volume restore in kmix and inteligent volume autosettings in some applications. MOJE -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/54e7c145ef2402a084a020a528f109d6.jpg?s=120&d=mm&r=g)
Am Samstag, 7. November 2009 schrieb Tomas Konir:
Hi
Is there anyone, who know, how to disable adding acl rule for current user to /dev/snd/* after logon ?
Maybe by adding a modified "org.freedesktop.hal.device-access.sound" default privilege setting[0] to /etc/polkit-default-privs.local?
I want to use pulseaudio only and don't allow users to change volume levels, due to problematic volume restore in kmix and inteligent volume autosettings in some applications.
Isn't pulsaudio started with user privileges? Gruß Jan [0] man polkit-default-privs -- The worst thing in the world, next to anarchy, is government. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/2b8d515d3bb87850b05af7ae62405a36.jpg?s=120&d=mm&r=g)
Dne 8.11.2009 09:36, Jan Ritzerfeld napsal(a):
Am Samstag, 7. November 2009 schrieb Tomas Konir:
Hi
Is there anyone, who know, how to disable adding acl rule for current user to /dev/snd/* after logon ?
Maybe by adding a modified "org.freedesktop.hal.device-access.sound" default privilege setting[0] to /etc/polkit-default-privs.local?
Thanks, but it didn't help. After login getfacl /dev/snd/* still shows new acl for logged user.
I want to use pulseaudio only and don't allow users to change volume levels, due to problematic volume restore in kmix and inteligent volume autosettings in some applications.
Isn't pulsaudio started with user privileges?
No. pulseaudio is started as system service. MOJE -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/54e7c145ef2402a084a020a528f109d6.jpg?s=120&d=mm&r=g)
Am Sonntag, 8. November 2009 schrieb Tomas Konir:
Dne 8.11.2009 09:36, Jan Ritzerfeld napsal(a):
Am Samstag, 7. November 2009 schrieb Tomas Konir:
Hi
Is there anyone, who know, how to disable adding acl rule for current user to /dev/snd/* after logon ?
Maybe by adding a modified "org.freedesktop.hal.device-access.sound" default privilege setting[0] to /etc/polkit-default-privs.local?
Thanks, but it didn't help. After login getfacl /dev/snd/* still shows new acl for logged user.
You need to run set_polkit_default_privs[0] manually: In /etc/polkit- default-privs.local I added "org.freedesktop.hal.device-access.sound" with "auth_admin" onyl and rebooted. /var/run/hald/acl-list still showed changes to /dev/snd/*. But after excuting set_polkit_default_privs the entries were gone and getfacl did not list me as a user anymore for, e.g., /dev/snd/controlC0. According to /etc/sysconfig/security, set_polkit_default_privs gets called by SuSEconfig, but that does not seem to work. Gruß Jan [0] there is a section in the openSUSE docs for PolicyKit, especially for modifying and setting privileges: http://www.novell.com/documentation/opensuse111/opensuse111_security/?page=/... -- Form never follows function. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/2b8d515d3bb87850b05af7ae62405a36.jpg?s=120&d=mm&r=g)
Dne 8.11.2009 17:20, Jan Ritzerfeld napsal(a):
Am Sonntag, 8. November 2009 schrieb Tomas Konir:
Dne 8.11.2009 09:36, Jan Ritzerfeld napsal(a):
Am Samstag, 7. November 2009 schrieb Tomas Konir:
Hi
Is there anyone, who know, how to disable adding acl rule for current user to /dev/snd/* after logon ?
Maybe by adding a modified "org.freedesktop.hal.device-access.sound" default privilege setting[0] to /etc/polkit-default-privs.local?
Thanks, but it didn't help. After login getfacl /dev/snd/* still shows new acl for logged user.
You need to run set_polkit_default_privs[0] manually: In /etc/polkit- default-privs.local I added "org.freedesktop.hal.device-access.sound" with "auth_admin" onyl and rebooted. /var/run/hald/acl-list still showed changes to /dev/snd/*. But after excuting set_polkit_default_privs the entries were gone and getfacl did not list me as a user anymore for, e.g., /dev/snd/controlC0.
According to /etc/sysconfig/security, set_polkit_default_privs gets called by SuSEconfig, but that does not seem to work.
Gruß Jan
[0] there is a section in the openSUSE docs for PolicyKit, especially for modifying and setting privileges: http://www.novell.com/documentation/opensuse111/opensuse111_security/?page=/...
After exicuting set_polkit_default_privs it works as i want. Thank you and regards. MOJE -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
![](https://seccdn.libravatar.org/avatar/2b8d515d3bb87850b05af7ae62405a36.jpg?s=120&d=mm&r=g)
Dne 8.11.2009 09:36, Jan Ritzerfeld napsal(a):
Am Samstag, 7. November 2009 schrieb Tomas Konir:
Hi
Is there anyone, who know, how to disable adding acl rule for current user to /dev/snd/* after logon ?
Maybe by adding a modified "org.freedesktop.hal.device-access.sound" default privilege setting[0] to /etc/polkit-default-privs.local?
I want to use pulseaudio only and don't allow users to change volume levels, due to problematic volume restore in kmix and inteligent volume autosettings in some applications.
Isn't pulsaudio started with user privileges?
Gruß Jan
[0] man polkit-default-privs
Hi Temporary solution is comment these lines in /lib/udev/rules.d/70-acl.rules : # sound devices #SUBSYSTEM=="sound", ENV{ACL_MANAGE}="1" # sound jack-sense #SUBSYSTEM=="input", SUBSYSTEMS=="sound", ENV{ACL_MANAGE}="1" But this don't survive udev upgrade and i stil looking for better solution. MOJE -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Jan Ritzerfeld
-
Tomas Konir