I like to have all sound devices belonging to the group "sound" with RW access. This way I can enable who I want to use the sound devices.
If you change the line in /etc/security/console.perms that reads: <console> 0600 <sound> 0640 root.sys to: <console> 0660 <sound> 0640 root.sound This will solve your problem. Users logged in at the console will always have permission to access the sound devices, and when no one's logged in (other than root, of course), the sound group will have read/write permission.