From: dimke.fax@uni.de   
      
   Hi,   
      
   Bit Twister wrote:   
      
   > On Wed, 5 Nov 2014 06:57:24 +0000 (UTC), Markus R. =?iso-8859-1?q?Ke=DFler?=   
   wrote:   
   >> Hi everyone,   
   >>   
   >> for security purposes, I usually distinguish between higher and lower   
   >> risk users in Mandriva (and SuSE also).   
   >>   
   >> I log in into X.11 / GDM / KDE as the user who needs maximum rights, and   
   >> other users which I need for firefox with flash contents (for webbased   
   >> learning, video conferences etc) are just logged in via shell window and   
   >> "su - newuser" and then starting firefox or opera under that user.   
   >>   
   >> This works fine and any attack would run only with very limited user   
   >> rights, but in this case I cannot access /dev/dsp etc from this new   
   >> user.   
   >   
   > No clue on Mandriva as to dev because I think pulseaudio no longer   
   > needs /dev/dsp. Pretty sure connections to audio hardware are in /dev/snd.   
   > I assume your users are in the audio group.   
      
   Confusingly, they're not:   
      
   [673 dimke@ansgar ~]$ grep ^audio /etc/group   
   audio:x:81:   
      
   So, I suspect that this is done via acl somehow.   
      
   > My solution on Mageia is to run pulseaudio as a system daemon/service   
   > instead of the default user daemon/service.   
      
   You mean, invoke pulseaudio via symlink from /etc/rc* under root?   
   Did you somewhere grant access rights to "normal" users?   
      
   Thanks,   
   best regards,   
      
   Markus   
   --   
   Please reply to group only.   
   For private email please use http://www.dipl-ing-kessler.de/email.htm   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)