Re: [DNG] supported ways to control user access to audio/video devices
On 26-05-2020 03:22, terryc wrote: > On Mon, 25 May 2020 13:31:49 + > dal wrote: > >> Dear list, >> >> A round of searching and reading did not give me any usable >> explanation of Subj on Devuan. >> >> More specifically, static assignment of users to the "audio"/"video" >> groups is not applicable (on shared, remotely accessible computers). >> >> It looks like ConsoleKit used to be the answer in Debian, >> but in my testing on Beowulf the consolekit package is not compatible >> with any desktop environment besides xfce. >> >> Is this an inherent limitation somewhere, a packaging bug >> or otherwise a misunderstanding on my part? >> >> Regards, >> /D > > My understanding is that it is a inherent limitation of *nix. > Based on the permissions of a user are defined on login and can > not be changed unless the use logs in again in after they gain the > desired permission(s) and thus access to devices and which they can > only do if they are already defined as a user on that particular system. > > Depending on your particular needs, the simple way around this is to > define each user on all systems and the user can then ssh, or > whatever and run the application. As our SOHO is small, this is what > we do, although I'm the only one sometimes inclined to ssh;aplay > test.wav or such to determine a user problem. > > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng You probably will need a LDAP based solution for this. In mixed environments you could use Samba 4 as a PDC and LDAP provider. It is still on my (long) todo list. Grtz Nick signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] supported ways to control user access to audio/video devices
Thanks to some helpful off-list replies and to additional research, for a casual reader: This access control is implemented via udev and elogind which *is* systemd code and architecture. This is supposed to "just work", for some definition of "work". When it does not, you face a challenge (a systemd issue from 2016 about the lack of documentation for uaccess vs ID_* is still open). /D -Original Message- From: Dng [mailto:dng-boun...@lists.dyne.org] On Behalf Of dal Sent: den 25 maj 2020 15:32 To: 'dng@lists.dyne.org' Subject: [DNG] supported ways to control user access to audio/video devices Dear list, A round of searching and reading did not give me any usable explanation of Subj on Devuan. More specifically, static assignment of users to the "audio"/"video" groups is not applicable (on shared, remotely accessible computers). It looks like ConsoleKit used to be the answer in Debian, but in my testing on Beowulf the consolekit package is not compatible with any desktop environment besides xfce. Is this an inherent limitation somewhere, a packaging bug or otherwise a misunderstanding on my part? Regards, /D ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] supported ways to control user access to audio/video devices
> From: Dng [mailto:dng-boun...@lists.dyne.org] On Behalf Of terryc > Sent: den 26 maj 2020 03:23 > My understanding is that it is a inherent limitation of *nix. Fortunately, for the purposes of installations here, we see some acceptable solutions, my hope was though that Devuan already implemented such functionality. Thanks Terry for your support. Best regards, /D ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] supported ways to control user access to audio/video devices
On Mon, 25 May 2020 13:31:49 + dal wrote: > Dear list, > > A round of searching and reading did not give me any usable > explanation of Subj on Devuan. > > More specifically, static assignment of users to the "audio"/"video" > groups is not applicable (on shared, remotely accessible computers). > > It looks like ConsoleKit used to be the answer in Debian, > but in my testing on Beowulf the consolekit package is not compatible > with any desktop environment besides xfce. > > Is this an inherent limitation somewhere, a packaging bug > or otherwise a misunderstanding on my part? > > Regards, > /D My understanding is that it is a inherent limitation of *nix. Based on the permissions of a user are defined on login and can not be changed unless the use logs in again in after they gain the desired permission(s) and thus access to devices and which they can only do if they are already defined as a user on that particular system. Depending on your particular needs, the simple way around this is to define each user on all systems and the user can then ssh, or whatever and run the application. As our SOHO is small, this is what we do, although I'm the only one sometimes inclined to ssh;aplay test.wav or such to determine a user problem. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] supported ways to control user access to audio/video devices
Dear list, A round of searching and reading did not give me any usable explanation of Subj on Devuan. More specifically, static assignment of users to the "audio"/"video" groups is not applicable (on shared, remotely accessible computers). It looks like ConsoleKit used to be the answer in Debian, but in my testing on Beowulf the consolekit package is not compatible with any desktop environment besides xfce. Is this an inherent limitation somewhere, a packaging bug or otherwise a misunderstanding on my part? Regards, /D ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng