On Sat, Jun 6, 2009 at 3:18 PM, Alexandre Ratchov <a...@caoua.org> wrote:
> On Fri, Jun 05, 2009 at 06:02:01PM -0400, Ryan Flannery wrote:
>> With the recent work done to the audio system on OpenBSD, a buddy of
>> mine and I figured it should be easy to set up two-way voice-chat
>> between two OpenBSD clients using nothing more than aucat(1) and
>> ssh(1).  As we found out, it is both very easy and very usable!  We
>> have telephone-quality chatting working with a <= 1 second delay in
>> the audio (after a few minutes of chatting, this is unnoticeable).
>>
>> First, a hearty thanks to Jacob Meuser and the other OpenBSD
>> developers who have worked hard on this recently.  Your efforts are
>> both noticed and greatly appreciated.
>>
>> Second, I have a couple of questions...
>>
>> 1. We, the two users chatting (users neal and ryan) have ssh accounts
>> on each other's machines.  To voice-chat with each other, what we did
>> boils down to the following:
>>
>> ryan# aucat -l
>> ryan# aucat -o - | ssh r...@neals-machine aucat -i -
>>
>> User neal would do the same, only to my (ryan's) machine.
>> When aucat is run in server-mode ('aucat -l') it creates a socket in
>> "/tmp/aucat-USERID/default" where USERID is the uid of the user who
>> ran the command (aucat -l).  For another user (neal) to bind to this
>> socket, we had to make this socket available to the other user, namely
>>
>> ryan# grep ryan /etc/passwd
>>    (find ryan's uid, call it RYANSID)
>> ryan# grep neal /etc/passwd
>>    (find neal's uid, call it NEALSID)
>> ryan# aucat -l
>> ryan# cd /tmp/
>> ryan# chmod 755 aucat-RYANSID
>> ryan# ln -s aucat-RYANSID    aucat-NEALSID
>>
>
> if you use hard links instead of soft links, you can
> ``share'' your socket with another user without changing the
> socket directory permissions (so you avoid giving it to all
> users).
>

Classy! I was looking for a way to do this but the manpage didn't
mention anything.

>> Neal would do the same on his machine, only reversed.
>> Question: is it possible to run aucat(1) in such a way that the socket
>> it creates is 'global', such that other users can connect to it?
>> A quick perusing of the man/archives and the source says no... but I
>> may be missing something.
>>
>
> no, there's no way for that. Even if we start supporting
> ``shared sockets'' (i hope so), they will not be usable
> simultaneously by multiple users (to avoid eavesdropping).
> Fine grained access control might solve this problem, but is
> too complicated and outside the scope of aucat.


What good are shared sockets if they aren't usable simultaneously??

use case: I'm always wanting to set up an audio-studio box, and right
now aucat lets me, but what if I want to have myself and a hundred of
my closest friends play a midi-orchestra all routed through the one
box with everyone running their own session on a (remote) frontend? I
could just make a shared 'music' account but that's a workaround for
an awkward system.

Please, don't necessarily make a -g(lobal) flag for aucat, but don't
restrict its flexibility by forcing restrictions in the name of
security. The OS is perfectly competent at handling security with file
permissions like it's designed to. Just add a way for each user to
specify what socket they want sndio to talk to? Like a /etc/sndiorc
and ~/.sndiorc pair. Then to make a global socket you would set it in
your global /etc/sndiorc and then sound would Just Work for every user
and you'd only have to start aucat -l once, but users would still have
to be in the audio group or whatever to use this. Conversely, if
you're actually worried about eavesdropping you can run aucat -l like
usual.

Actually, you could hack this now: make an 'audio' user, at boot do
"sudo -u audio aucat -l" and also create links to the socket that made
for each user on the system. I don't know what's worse: recreating
links at each boot or having to have a config file.

-Nick
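
The hard-link suggestion quoted above, shown with a generic Unix-domain socket as an added example; it is not part of the original thread and is not aucat's code. The directory names, the `share_socket_by_hard_link` helper and the scratch location are assumptions made for illustration.

```python
import os
import shutil
import socket
import stat
import tempfile


def share_socket_by_hard_link():
    """Bind a socket in a 0700 directory, hard-link it into a second
    directory, connect through the link, and report what was observed."""
    base = tempfile.mkdtemp()                     # constructed scratch area
    private = os.path.join(base, "aucat-1000")    # hypothetical owner directory
    shared = os.path.join(base, "aucat-1001")     # hypothetical peer directory
    for d in (private, shared):
        os.mkdir(d)
        os.chmod(d, 0o700)                        # exact mode, independent of umask

    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock_path = os.path.join(private, "default")
    srv.bind(sock_path)
    srv.listen(1)

    # Hard link: a second name for the same inode, placed outside `private`,
    # so nobody needs search permission on `private` to reach the socket.
    link_path = os.path.join(shared, "default")
    os.link(sock_path, link_path)
    # Symlink for contrast: only a pointer, it still resolves through `private`.
    sym_path = os.path.join(base, "symlink-default")
    os.symlink(sock_path, sym_path)

    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli.connect(link_path)                        # connect via the hard link
    conn, _ = srv.accept()
    cli.sendall(b"ping")
    received = conn.recv(4)
    for s in (cli, conn, srv):
        s.close()

    prefix = os.path.realpath(private) + os.sep
    result = {
        "same_inode": os.stat(sock_path).st_ino == os.stat(link_path).st_ino,
        "link_is_socket": stat.S_ISSOCK(os.lstat(link_path).st_mode),
        "private_dir_mode": stat.S_IMODE(os.stat(private).st_mode),
        "received": received,
        "symlink_goes_through_private": os.path.realpath(sym_path).startswith(prefix),
    }
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(share_socket_by_hard_link())
```

Because both names share one inode, the socket file's own owner and mode bits are the same through either name; only the directory that has to be traversed differs.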
