On Sat, Jun 06, 2009 at 11:10:29PM -0400, Nick Guenther wrote:
> On Sat, Jun 6, 2009 at 3:18 PM, Alexandre Ratchov<a...@caoua.org> wrote:
> > On Fri, Jun 05, 2009 at 06:02:01PM -0400, Ryan Flannery wrote:
> >> With the recent work done to the audio system on OpenBSD, a buddy of
> >> mine and I figured it should be easy to set up two-way voice-chat
> >> between two OpenBSD clients using nothing more than aucat(1) and
> >> ssh(1).  As we found out, it is both very easy and very usable!  We
> >> have telephone-quality chatting working with a <= 1 second delay in
> >> the audio (after a few minutes of chatting, this is unnoticeable).
> >>
> >> First, a hearty thanks to Jacob Meuser and the other OpenBSD
> >> developers who have worked hard on this recently.  Your efforts are
> >> both noticed and greatly appreciated.
> >>
> >> Second, I have a couple of questions...
> >>
> >> 1. We, the two users chatting (users neal and ryan) have ssh accounts
> >> on each other's machines.  To voice-chat with each other, what we did
> >> boils down to the following:
> >>
> >> ryan# aucat -l
> >> ryan# aucat -o - | ssh r...@neals-machine aucat -i -
> >>
> >> User neal would do the same, only to my (ryan's) machine.
> >> When aucat is run in server-mode ('aucat -l') it creates a socket in
> >> "/tmp/aucat-USERID/default" where USERID is the uid of the user who
> >> ran the command (aucat -l).  For another user (neal) to bind to this
> >> socket, we had to make this socket available to the other user, namely
> >>
> >> ryan# grep ryan /etc/passwd
> >>    (find ryan's uid, call it RYANSID)
> >> ryan# grep neal /etc/passwd
> >>    (find neal's uid, call it NEALSID)
> >> ryan# aucat -l
> >> ryan# cd /tmp/
> >> ryan# chmod 755 aucat-RYANSID
> >> ryan# ln -s aucat-RYANSID    aucat-NEALSID
> >>
> >
> > if you use hard links instead of soft links, you can
> > ``share'' your socket with another user without changing the
> > socket directory permissions (so you avoid giving it to all
> > users).
> >
> Classy! I was looking for a way to do this but the manpage didn't
> mention anything.
>
> >> Neal would do the same on his machine, only reversed.
> >> Question: is it possible to run aucat(1) in such a way that the socket
> >> it creates is 'global', such that other users can connect to it?
> >> A quick perusing of the man/archives and the source says no... but I
> >> may be missing something.
> >>
> >
> > no, there's no way for that. Even if we start supporting
> > ``shared sockets'' (i hope so), they will not be usable
> > simultaneously by multiple users (to avoid eavesdropping).
> > Fine grained access control might solve this problem, but is
> > too complicated and outside the scope of aucat.
>
> What good are shared sockets if they aren't usable simultaneously??
> use case: I'm always wanting to set up an audio-studio box, and right
> now aucat lets me, but what if I want to have myself and a hundred of
> my closest friends play a midi-orchestra all routed through the one
> box with everyone running their own session on a (remote) frontend? I
> could just make a shared 'music' account but that's a workaround for
> an awkward system.

you could do this more easily with jackd/netjack.

> Please, don't necessarily make a -g(lobal) flag for aucat, but don't
> restrict its flexibility by forcing restrictions in the name of
> security. The OS is perfectly competent at handling security with file
> permissions like it's designed to. Just add a way for each user to
> specify what socket they want sndio to talk to? Like a /etc/sndiorc
> and ~/.sndiorc pair. Then to make a global socket you would set it in
> your global /etc/sndiorc and then sound would Just Work for every user
> and you'd only have to start aucat -l once, but users would still have
> to be in the audio group or whatever to use this.

so, by default, it would work for no one.  I really don't like
such solutions.

> Conversely, if
> you're actually worried about eavesdropping you can run aucat -l like
> usual.

I think most people don't realise how easy it is to eavesdrop (or
even that it's possible).

> Actually, you could hack this now: make an 'audio' user, at boot do
> "sudo -u audio aucat -l" and also create links to the socket that's made
> for each user on the system. I don't know what's worse: recreating
> links at each boot or having to have a config file.

config file and the extra code/complexity it would force onto
everyone, imo.

SDF Public Access UNIX System - http://sdf.lonestar.org

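Added example, not part of the original messages and not sndio code: a POSIX sh audit that reports which of the sharing methods from this thread is in effect under a directory such as /tmp (a socket directory opened with chmod 755, a symlinked aucat-UID directory, or a hard-linked socket). The function name and the output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit aucat socket directories for the sharing methods
# discussed in the thread. Function name and labels are this example's own.

# audit_aucat_dirs BASE: print one finding per line for BASE/aucat-*.
audit_aucat_dirs() {
    base=${1:-/tmp}
    for d in "$base"/aucat-*; do
        # An unmatched glob stays literal: skip it, but keep dangling symlinks.
        [ -e "$d" ] || [ -L "$d" ] || continue
        name=${d##*/}

        if [ -L "$d" ]; then
            # The "ln -s aucat-RYANSID aucat-NEALSID" case.
            echo "$name SYMLINK"
            continue
        fi
        [ -d "$d" ] || continue

        # Mode string from ls, e.g. drwxr-xr-x; chars 5-10 are group/other.
        mode=$(ls -ld "$d" | awk '{print $1}')
        case $(printf '%s' "$mode" | cut -c5-10) in
            # The "chmod 755" case: someone besides the owner has access.
            *[rwxst]*) echo "$name OPEN $mode" ;;
        esac

        # A link count above 1 means the same inode has another name
        # elsewhere, which is what the hard-link suggestion produces.
        for s in "$d"/*; do
            [ -e "$s" ] || continue
            [ -d "$s" ] && continue
            nlink=$(ls -ld "$s" | awk '{print $2}')
            if [ "$nlink" -gt 1 ]; then
                echo "$name/${s##*/} HARDLINKED nlink=$nlink"
            fi
        done
    done
    return 0
}

# Scan the directory given as the first argument, /tmp by default.
audit_aucat_dirs "${1:-/tmp}"
```

Run it as a user who can read the socket directories (root sees all of them); an OPEN or SYMLINK line marks the setup that exposes the socket to every local user, while HARDLINKED marks a socket shared with a specific directory.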