Red Hat Bugzilla – Bug 204150
audio permissions are wrong for accessible login
Last modified: 2013-03-05 22:46:34 EST
Description of problem:
text-to-speech does not work for screen readers during accessible gdmgreeter login.
Version-Release number of selected component (if applicable):
turn on acessible login
Steps to Reproduce:
1. gdmsetup, turn on accessible login
2. gdmgreeter, ctrl-s to start screen reader with tts
3. tail /etc/gdm/modules/AccessKeyMouseEvents
screen reader starts, but i dont hear the screen reader announce that is has
when the screen reader starts it should use tts to announce that it has started
see the access guide info regarding accessible login setup. the problem is that
FC5 does not have group audio, user gdm is not in group audio, and devices
/dev/snd/* and /dev/dsp are not in group audio. fix the audio permissions for
user gdm then accessible login should work.
/usr/sbin/usermod -G audio gdm
cat >> /etc/rc.local << HERE_DOCUMENT
chgrp audio /dev/snd/* /dev/dsp
chmod g+rw /dev/snd/* /dev/dsp
Please ignore the previous recommendation of changing the sound device
permissions via rc.local, but rather change the console sound mode to 0600 and
group to audio via the file /etc/security/console.perms.d/50-default.perms
<console> 0600 <sound> 0660 root.audio
Problem persists on RHEL5.
The file /etc/security/console.perms.d/50-default.perms is part of pam, so it
needs to be changed there.
Reassigning to pam.
Read ya, Phil
Well, the fix has to be done in pam, setup and probably also udev. The audio
group must be added to setup first, then pam and udev (I'm not sure if udev
calls pam_console_apply always or not) should be modified to set
group+permissions of audio device nodes to audio+0660.
What is the status on finishing this? RHEL5 now depends on this via 244688.
As pam will no longer handle permissions for audio devices in F8 the solution in
RHEL5 will have to be different than in F8.
Someone should remove the dependencies. Bug 204150 does not block 244688, and
bug 244688 does not depend on 204150. Thanks.
Since Fedora 7 the 'gdm' user have had the correct ACL (see below) so am going
to close this bug. For RHEL5 you need to clone this bug or open another one.
# getfacl /dev/snd/controlC0
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/controlC0
# owner: davidz
# group: root
The getfacl output from comment #8 is shown when user davidz is logged on. One
should examine when gdm is displaying the login prompt and nobody is logged in.
From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and
redirect it to a file, then it shows it's owned by root.root with mode 600. It
does not appear to have the correct ACL on Fedora 7.
(In reply to comment #9)
> The getfacl output from comment #8 is shown when user davidz is logged on. One
> should examine when gdm is displaying the login prompt and nobody is logged in.
> From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and
> redirect it to a file, then it shows it's owned by root.root with mode 600. It
> does not appear to have the correct ACL on Fedora 7.
POSIX ACL's are normally not shown in ls output; try using getfacl just like I
did above in comment 8. The ACL's are there, accessible login is working just
fine on Fedora 7 last time I tried. If it doesn't work, please paste the output
of getfacl .