Bug 204150 - audio permissions are wrong for accessible login
audio permissions are wrong for accessible login
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: David Zeuthen
Fedora Extras Quality Assurance
http://live.gnome.org/LSR/AccessibleL...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-25 17:18 EDT by George Kraft
Modified: 2013-03-05 22:46 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-17 13:18:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description George Kraft 2006-08-25 17:18:42 EDT
Description of problem:
text-to-speech does not work for screen readers during accessible gdmgreeter login.

Version-Release number of selected component (if applicable):
setup-2.5.49-1
gdm-2.14.9-1

How reproducible:
turn on acessible login

Steps to Reproduce:
1. gdmsetup, turn on accessible login
2. gdmgreeter, ctrl-s to start screen reader with tts
3. tail /etc/gdm/modules/AccessKeyMouseEvents
  
Actual results:
screen reader starts, but i dont hear the screen reader announce that is has
started.

Expected results:
when the screen reader starts it should use tts to announce that it has started

Additional info:
see the access guide info regarding accessible login setup.  the problem is that
 FC5 does not have group audio, user gdm is not in group audio, and devices
/dev/snd/* and /dev/dsp are not in group audio.  fix the audio permissions for
user gdm then accessible login should work.

/usr/sbin/groupadd audio
/usr/sbin/usermod -G audio gdm

cat >> /etc/rc.local << HERE_DOCUMENT
chgrp audio /dev/snd/* /dev/dsp
chmod g+rw /dev/snd/* /dev/dsp
HERE_DOCUMENT
Comment 1 George Kraft 2006-08-31 17:06:00 EDT
Please ignore the previous recommendation of changing the sound device
permissions via rc.local, but rather change the console sound mode to 0600 and
group to audio via the file /etc/security/console.perms.d/50-default.perms

<console>  0600 <sound>      0660 root.audio
Comment 2 George Kraft 2007-04-10 16:23:26 EDT
Problem persists on RHEL5.
Comment 3 Phil Knirsch 2007-05-23 09:27:51 EDT
The file /etc/security/console.perms.d/50-default.perms is part of pam, so it
needs to be changed there.

Reassigning to pam.

Read ya, Phil
Comment 4 Tomas Mraz 2007-05-23 09:35:48 EDT
Well, the fix has to be done in pam, setup and probably also udev. The audio
group must be added to setup first, then pam and udev (I'm not sure if udev
calls  pam_console_apply always or not) should be modified to set
group+permissions of audio device nodes to audio+0660.
Comment 5 George Kraft 2007-08-17 11:22:33 EDT
What is the status on finishing this?  RHEL5 now depends on this via 244688.
Comment 6 Tomas Mraz 2007-08-17 11:27:39 EDT
As pam will no longer handle permissions for audio devices in F8 the solution in
RHEL5 will have to be different than in F8.
Comment 7 George Kraft 2007-08-17 11:56:12 EDT
Someone should remove the dependencies.  Bug 204150 does not block 244688, and
bug 244688 does not depend on 204150.  Thanks.
Comment 8 David Zeuthen 2007-08-17 13:18:42 EDT
Since Fedora 7 the 'gdm' user have had the correct ACL (see below) so am going
to close this bug. For RHEL5 you need to clone this bug or open another one.

# getfacl /dev/snd/controlC0 
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/controlC0
# owner: davidz
# group: root
user::rw-
user:gdm:rw-
user:davidz:rw-
group::---
mask::rw-
other::---
Comment 9 George Kraft 2007-08-20 09:04:09 EDT
The getfacl output from comment #8 is shown when user davidz is logged on.  One
should examine when gdm is displaying the login prompt and nobody is logged in.
 From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and
redirect it to a file, then it shows it's owned by root.root with mode 600.  It
does not appear to have the correct ACL on Fedora 7.  
Comment 10 David Zeuthen 2007-08-21 12:35:07 EDT
(In reply to comment #9)
> The getfacl output from comment #8 is shown when user davidz is logged on.  One
> should examine when gdm is displaying the login prompt and nobody is logged in.
>  From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and
> redirect it to a file, then it shows it's owned by root.root with mode 600.  It
> does not appear to have the correct ACL on Fedora 7.  

POSIX ACL's are normally not shown in ls output; try using getfacl just like I
did above in comment 8. The ACL's are there, accessible login is working just
fine on Fedora 7 last time I tried. If it doesn't work, please paste the output
of getfacl .

Note You need to log in before you can comment on or make changes to this bug.