Bug 26208

Summary: Pulseaudio can't access /dev/snd files by default as permissions incorrect.
Product: Mageia Reporter: Stephen Usher <steve>
Component: RPM PackagesAssignee: All Packagers <pkg-bugs>
Status: RESOLVED WORKSFORME QA Contact:
Severity: normal    
Priority: Normal CC: geiger.david68210, marja11, olav
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pulseaudio-12.2-5.mga7.src.rpm CVE:
Status comment:

Description Stephen Usher 2020-02-17 13:28:15 CET 
Description of problem:

The /dev/snd files are not accessible to the pulseaudio application by default as it doesn't have the correct access rights. If the permissions on the directory are changed then pulseaudio gets access to the sound card and operates normally.

Version-Release number of selected component (if applicable):

12.2-5.mga7

How reproducible:

Consistent

Steps to Reproduce:
1. Log in
2. Start pulseaudio
3.
Comment 1 Stephen Usher 2020-02-19 13:26:30 CET 
Here are the default permissions for /dev/snd:

[root@vanguard ~]# ls -lR /dev/snd
/dev/snd:
total 0
drwxr-xr-x  2 root root       80 Feb 18 10:55 by-path/
crw-rw----+ 1 root audio 116,  5 Feb 18 10:55 controlC0
crw-rw----+ 1 root audio 116, 14 Feb 18 10:55 controlC1
crw-rw----+ 1 root audio 116,  4 Feb 18 10:55 hwC0D0
crw-rw----+ 1 root audio 116, 10 Feb 18 10:55 hwC1D0
crw-rw----+ 1 root audio 116, 11 Feb 18 10:55 hwC1D1
crw-rw----+ 1 root audio 116, 12 Feb 18 10:55 hwC1D2
crw-rw----+ 1 root audio 116, 13 Feb 18 10:55 hwC1D3
crw-rw----+ 1 root audio 116,  3 Feb 18 10:55 pcmC0D0c
crw-rw----+ 1 root audio 116,  2 Feb 18 10:55 pcmC0D0p
crw-rw----+ 1 root audio 116,  6 Feb 18 10:55 pcmC1D3p
crw-rw----+ 1 root audio 116,  7 Feb 18 10:55 pcmC1D7p
crw-rw----+ 1 root audio 116,  8 Feb 18 10:55 pcmC1D8p
crw-rw----+ 1 root audio 116,  9 Feb 18 10:55 pcmC1D9p
crw-rw----+ 1 root audio 116,  1 Feb 18 10:55 seq
crw-rw----+ 1 root audio 116, 33 Feb 18 10:55 timer

/dev/snd/by-path:
total 0
lrwxrwxrwx 1 root root 12 Feb 18 10:55 pci-0000:00:1b.0 -> ../controlC0
lrwxrwxrwx 1 root root 12 Feb 18 10:55 pci-0000:05:00.1 -> ../controlC1

Note: The user is not locally defined in /etc/passwd as it's using network authentication so the user is not in the audio group.
Comment 2 Lewis Smith 2020-02-19 22:17:17 CET 
> The /dev/snd files are not accessible to the pulseaudio application by
> default as it doesn't have the correct access rights.
> The user is not locally defined in /etc/passwd as it's using network
> authentication so the user is not in the audio group.
Which user?

> If the permissions on
> the directory are changed then pulseaudio gets access to the sound card and
> operates normally.
Please say permissions changed to what?

Assigning to DavidG as main committer for pulseaudio.

Source RPM: pulseaudio-12.2-5.mga7 => pulseaudio-12.2-5.mga7.src.rpm
CC: (none) => lewyssmith
Assignee: bugsquad => geiger.david68210

Comment 3 Stephen Usher 2020-02-20 10:44:06 CET 
The user is one supplied by the NIS service with a home directory automounted and unreadable by root (for security and legal reasons, i.e. GDPR).

Adding other read/write permissions allows pulseaudio to use the device. If the process were running as group 'audio' then it would work.
Comment 4 Lewis Smith 2020-02-20 20:24:42 CET 
Thank you for this extra information.
I got stuck on groups, give up.

See also bug 26207, bug 26209.
Assigning globally, CC DavidG as main committer for 'pulseaudio'.

Assignee: geiger.david68210 => pkg-bugs
CC: lewyssmith => geiger.david68210

Olav Vitters 2020-07-09 13:58:06 CEST

CC: (none) => olav

Comment 5 Olav Vitters 2020-07-09 14:12:49 CEST 
logind is supposed to set acls for the sound devices. 

To check ACLs you could run:
> getfacl /dev/snd/*

It seems I added myself ages ago to the audio group. Anyone in the audio group can always access these devices. With logind they should only be able to access such devices while logged in.

loginctl would show you if logind knows that someone is logged in.

Not sure how this exactly works, documentation is a bit lacking. I noticed: https://github.com/systemd/systemd/issues/4288 as well as /usr/lib/udev/rules.d/70-uaccess.rules. Seems udev tags anything that should change the ACLs when the active seat (active user basically) with "uaccess". Then probably logind makes those changes.

It seems that in your setup logind needs to be made aware that the user logged in.
Comment 6 Stephen Usher 2020-09-25 16:36:34 CEST 
This actually looks to be a polkit issue.

If I create a local user (rather than NIS + NFS mounted home directory where the local root does not have read or execute rights) then not only does it have access to the snd devices but also can mount USB drives.

Network users (with unreadable by root home directories) don't get permission to any of the devices. (e.g. plug a USB stick in and you can't open the file manager as it says, "You are not authorized to mount this device.")
Comment 7 Aurelien Oudelet 2021-07-06 13:14:24 CEST 
Mageia 7 is EOL since July 1st 2021.
There will not have any further bugfix for this release.

You are encouraged to upgrade to Mageia 8 as soon as possible.

@reporter, if this bug still apply with Mageia 8, please let us know it.

@packager, if you work on the Mageia 7 version of your package, please check the Mageia 8 package if issue is also present. In this case, please fix the Mageia 8 version instead.

This bug report will be closed OLD if there is no further notice within 1st September 2021.
Comment 8 Stephen Usher 2021-07-06 15:33:15 CEST 
This issue was solved by running nscd if using network authentication as changes in systemd meant that non-local authentication wasn't able to get the correct privileges.
Comment 9 Marja Van Waes 2021-09-06 22:54:12 CEST 
(In reply to Stephen Usher from comment #8)
> This issue was solved by running nscd if using network authentication as
> changes in systemd meant that non-local authentication wasn't able to get
> the correct privileges.

Thanks, closing

Resolution: (none) => WORKSFORME
CC: (none) => marja11
Status: NEW => RESOLVED