I have set my /dev/sound/* to 660 in my devfsd.conf and it works if I log in as a user as the first user. As soon as I log out and log back in as root, all the entries in /dev/sound become root/root 600. As a result, when I log back in as a user, I can't access the sound devices. I'm using OSS drivers built into the kernel and kernel 2.4.23. Reproducible: Always Steps to Reproduce:
Could you post the relevant portions of devfsd.conf? Have you tried ALSA instead of OSS, or is that not an option?
Here is my relevant section of devfsd.conf:
    # ALSA/OSS stuff
    # Comment/change these if you want to change the permissions on
    # the audio devices
    LOOKUP          snd          MODLOAD ACTION snd
    LOOKUP          dsp          MODLOAD
    LOOKUP          mixer        MODLOAD
    LOOKUP          midi         MODLOAD
    REGISTER        sound/.*     PERMISSIONS root.audio 660
    REGISTER        snd/.*       PERMISSIONS root.audio 660
ALSA drivers don't work well with me, this is a plain old OSS setup, and there's no reason why it shouldn't work, thanks. In the forum, someone suggested: Change this line in /etc/security/console.perms:
    #<console> 0600 <sound> 0600 root.audio
    <console> 0660 <sound> 0600 root.audio
It will change /dev/sound/* into 660 (which previously could not even after changing devfsd.conf) but logging in as root will still convert them back to 600.
Please see the follow-ups in the slightly unrelated bug #31877 and lots of older bugs for a complete problem description. The problem you're experiencing is pam_console and devfsd working against each other, which simply cannot work.
I've read through the other bug but being quite a Linux newbie myself, I don't quite understand what I must do. Could you please explain the solution? Thanks
Quite a difficult issue. From what I've learned in the last couple of months pam_console is just evil and should not be used in the first place; as is saving permissions in /lib/dev-state (restores permissions of dynamic devices that maybe no longer exist). Our admins have set up a custom pam and baselayout that avoid all redhatisms (nothing personal but lack of response on #31877 forced them to do that); now devfsd.conf does all the work how it's supposed to. On a sole one user box just commenting out the <sound> line in console.perms should solve the entire problem; after all you get access per audio group and default 660 perms from devfsd.conf. On true multi user boxes I'd advise to grant audio membership only to local logins; also true for floppy, cdrom, and other devices not useful for remote users. Logging in as root should not affect pam_console at all; at least it did not up to and including pam-0.76. If it does now it looks like a different bug to me.
I have commented the line
    #<console> 0660 <sound> 0600 root.audio
rebooted and same effect. (Actually further testing reveals that logging in as root isn't even necessary. I changed to use kdm, and as soon as I end my *first* section, the permissions are changed to 600.) I'm happy to provide more information about my box. Please help, thank you so much.
What does 'ls -l /lib/dev-state/{sound,snd}/*' say? If files in there are still mode 600, /lib/dev-state is the root of all evil and this looks like exactly the same problem as bug #31877 (pam_console forced permissions stored in dev-state forever). If not, what's the pam maintainers' opinion?
Actually by commenting out that line, it seems the problem is fixed. I'm happy with this, although being a Linux newbie, I don't know the security impact of this change. Thanks
Fixed by commenting out the proper portions.
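
Added example, not part of the original thread: a shell check that compares the mode devfsd.conf assigns to sound/.* with the login and revert modes of any active <sound> line in console.perms, run on constructed copies of the lines quoted above. The function names are hypothetical, and the console.perms field order (login mode, device class, revert mode, revert owner) is an assumption taken from the file format, not from this thread.

```shell
#!/bin/sh
# Added example. console.perms permission lines are assumed to read:
#   <console> LOGIN_MODE <class> REVERT_MODE REVERT_OWNER

# Strip leading zeros so that 0660 and 660 compare equal.
norm() { printf '%o' "0$1"; }

# Print "login_mode revert_mode owner" for each active line of a class.
console_perms_for() {   # $1 = console.perms, $2 = class such as '<sound>'
    awk -v cls="$2" '
        /^[[:space:]]*#/ { next }    # commented-out lines are inactive
        $1 ~ /^<.*console>$/ && $3 == cls { print $2, $4, $5 }
    ' "$1"
}

# Print the mode of the first REGISTER <pattern> PERMISSIONS rule.
devfsd_mode_for() {     # $1 = devfsd.conf, $2 = pattern such as 'sound/.*'
    awk -v pat="$2" '
        /^[[:space:]]*#/ { next }
        $1 == "REGISTER" && $2 == pat && $3 == "PERMISSIONS" { print $5; exit }
    ' "$1"
}

# Return 1 if an active console.perms line would set a mode other than the
# one devfsd assigns (at login or at logout), 0 otherwise.
check_conflict() {      # $1 = console.perms $2 = class $3 = devfsd.conf $4 = pattern
    want=$(norm "$(devfsd_mode_for "$3" "$4")")
    console_perms_for "$1" "$2" | while read -r login revert owner; do
        [ "$(norm "$login")" = "$want" ] && [ "$(norm "$revert")" = "$want" ] || exit 1
    done
}

# Constructed sample input mirroring the lines quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/devfsd.conf" <<'EOF'
REGISTER        sound/.*     PERMISSIONS root.audio 660
REGISTER        snd/.*       PERMISSIONS root.audio 660
EOF
cat > "$tmp/console.perms" <<'EOF'
#<console> 0600 <sound> 0600 root.audio
<console> 0660 <sound> 0600 root.audio
EOF
# The same file with the active <sound> line commented out.
sed 's/^<console>/#&/' "$tmp/console.perms" > "$tmp/console.perms.fixed"

check_conflict "$tmp/console.perms" '<sound>' "$tmp/devfsd.conf" 'sound/.*' ||
    echo "console.perms: active <sound> line disagrees with devfsd.conf"
```

On the sample, the active line matches 660 at login but reverts to 0600, so the check reports a conflict; with the line commented out only the devfsd.conf rule (root.audio 660) remains.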