Description of problem: text-to-speech does not work for screen readers during accessible gdmgreeter login. Version-Release number of selected component (if applicable): setup-2.5.49-1 gdm-2.14.9-1 How reproducible: turn on acessible login Steps to Reproduce: 1. gdmsetup, turn on accessible login 2. gdmgreeter, ctrl-s to start screen reader with tts 3. tail /etc/gdm/modules/AccessKeyMouseEvents Actual results: screen reader starts, but i dont hear the screen reader announce that is has started. Expected results: when the screen reader starts it should use tts to announce that it has started Additional info: see the access guide info regarding accessible login setup. the problem is that FC5 does not have group audio, user gdm is not in group audio, and devices /dev/snd/* and /dev/dsp are not in group audio. fix the audio permissions for user gdm then accessible login should work. /usr/sbin/groupadd audio /usr/sbin/usermod -G audio gdm cat >> /etc/rc.local << HERE_DOCUMENT chgrp audio /dev/snd/* /dev/dsp chmod g+rw /dev/snd/* /dev/dsp HERE_DOCUMENT
Please ignore the previous recommendation of changing the sound device permissions via rc.local, but rather change the console sound mode to 0600 and group to audio via the file /etc/security/console.perms.d/50-default.perms <console> 0600 <sound> 0660 root.audio
Problem persists on RHEL5.
The file /etc/security/console.perms.d/50-default.perms is part of pam, so it needs to be changed there. Reassigning to pam. Read ya, Phil
Well, the fix has to be done in pam, setup and probably also udev. The audio group must be added to setup first, then pam and udev (I'm not sure if udev calls pam_console_apply always or not) should be modified to set group+permissions of audio device nodes to audio+0660.
What is the status on finishing this? RHEL5 now depends on this via 244688.
As pam will no longer handle permissions for audio devices in F8 the solution in RHEL5 will have to be different than in F8.
Someone should remove the dependencies. Bug 204150 does not block 244688, and bug 244688 does not depend on 204150. Thanks.
Since Fedora 7 the 'gdm' user have had the correct ACL (see below) so am going to close this bug. For RHEL5 you need to clone this bug or open another one. # getfacl /dev/snd/controlC0 getfacl: Removing leading '/' from absolute path names # file: dev/snd/controlC0 # owner: davidz # group: root user::rw- user:gdm:rw- user:davidz:rw- group::--- mask::rw- other::---
The getfacl output from comment #8 is shown when user davidz is logged on. One should examine when gdm is displaying the login prompt and nobody is logged in. From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and redirect it to a file, then it shows it's owned by root.root with mode 600. It does not appear to have the correct ACL on Fedora 7.
(In reply to comment #9) > The getfacl output from comment #8 is shown when user davidz is logged on. One > should examine when gdm is displaying the login prompt and nobody is logged in. > From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and > redirect it to a file, then it shows it's owned by root.root with mode 600. It > does not appear to have the correct ACL on Fedora 7. POSIX ACL's are normally not shown in ls output; try using getfacl just like I did above in comment 8. The ACL's are there, accessible login is working just fine on Fedora 7 last time I tried. If it doesn't work, please paste the output of getfacl .