Bug 204150 - audio permissions are wrong for accessible login
Summary: audio permissions are wrong for accessible login
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
high
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL: http://live.gnome.org/LSR/AccessibleL...
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-08-25 21:18 UTC by George Kraft
Modified: 2013-03-06 03:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-17 17:18:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description George Kraft 2006-08-25 21:18:42 UTC
Description of problem:
text-to-speech does not work for screen readers during accessible gdmgreeter login.

Version-Release number of selected component (if applicable):
setup-2.5.49-1
gdm-2.14.9-1

How reproducible:
turn on acessible login

Steps to Reproduce:
1. gdmsetup, turn on accessible login
2. gdmgreeter, ctrl-s to start screen reader with tts
3. tail /etc/gdm/modules/AccessKeyMouseEvents
  
Actual results:
screen reader starts, but i dont hear the screen reader announce that is has
started.

Expected results:
when the screen reader starts it should use tts to announce that it has started

Additional info:
see the access guide info regarding accessible login setup.  the problem is that
 FC5 does not have group audio, user gdm is not in group audio, and devices
/dev/snd/* and /dev/dsp are not in group audio.  fix the audio permissions for
user gdm then accessible login should work.

/usr/sbin/groupadd audio
/usr/sbin/usermod -G audio gdm

cat >> /etc/rc.local << HERE_DOCUMENT
chgrp audio /dev/snd/* /dev/dsp
chmod g+rw /dev/snd/* /dev/dsp
HERE_DOCUMENT

Comment 1 George Kraft 2006-08-31 21:06:00 UTC
Please ignore the previous recommendation of changing the sound device
permissions via rc.local, but rather change the console sound mode to 0600 and
group to audio via the file /etc/security/console.perms.d/50-default.perms

<console>  0600 <sound>      0660 root.audio

Comment 2 George Kraft 2007-04-10 20:23:26 UTC
Problem persists on RHEL5.

Comment 3 Phil Knirsch 2007-05-23 13:27:51 UTC
The file /etc/security/console.perms.d/50-default.perms is part of pam, so it
needs to be changed there.

Reassigning to pam.

Read ya, Phil

Comment 4 Tomas Mraz 2007-05-23 13:35:48 UTC
Well, the fix has to be done in pam, setup and probably also udev. The audio
group must be added to setup first, then pam and udev (I'm not sure if udev
calls  pam_console_apply always or not) should be modified to set
group+permissions of audio device nodes to audio+0660.


Comment 5 George Kraft 2007-08-17 15:22:33 UTC
What is the status on finishing this?  RHEL5 now depends on this via 244688.

Comment 6 Tomas Mraz 2007-08-17 15:27:39 UTC
As pam will no longer handle permissions for audio devices in F8 the solution in
RHEL5 will have to be different than in F8.


Comment 7 George Kraft 2007-08-17 15:56:12 UTC
Someone should remove the dependencies.  Bug 204150 does not block 244688, and
bug 244688 does not depend on 204150.  Thanks.

Comment 8 David Zeuthen 2007-08-17 17:18:42 UTC
Since Fedora 7 the 'gdm' user have had the correct ACL (see below) so am going
to close this bug. For RHEL5 you need to clone this bug or open another one.

# getfacl /dev/snd/controlC0 
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/controlC0
# owner: davidz
# group: root
user::rw-
user:gdm:rw-
user:davidz:rw-
group::---
mask::rw-
other::---


Comment 9 George Kraft 2007-08-20 13:04:09 UTC
The getfacl output from comment #8 is shown when user davidz is logged on.  One
should examine when gdm is displaying the login prompt and nobody is logged in.
 From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and
redirect it to a file, then it shows it's owned by root.root with mode 600.  It
does not appear to have the correct ACL on Fedora 7.  

Comment 10 David Zeuthen 2007-08-21 16:35:07 UTC
(In reply to comment #9)
> The getfacl output from comment #8 is shown when user davidz is logged on.  One
> should examine when gdm is displaying the login prompt and nobody is logged in.
>  From /etc/gdm/Init/Default, if I do a /bin/ls on /dev/snd/controlC0 and
> redirect it to a file, then it shows it's owned by root.root with mode 600.  It
> does not appear to have the correct ACL on Fedora 7.  

POSIX ACL's are normally not shown in ls output; try using getfacl just like I
did above in comment 8. The ACL's are there, accessible login is working just
fine on Fedora 7 last time I tried. If it doesn't work, please paste the output
of getfacl .


Note You need to log in before you can comment on or make changes to this bug.