Just been tinkering with jackstart and findout out what suid bit means. I think that the following would be a useful way to have audio software that requires "root" privileges set up:
dpkg-statoverride --update --add root audio 4754 \ /usr/bin/jackstart What this says is that each time the file /usr/bin/jackstart is (re)installed, it should be set to owner root, group audio, and permissions 4754. That permissions seems to result (and this is what I wanted) in: - 4 = suid bit - 7 = rwx (owner, root) - 5 = rx (group, audio) - 4 = r (other) (hoping I've got 'em right) To me I think this makes sense. I add myself to group audio, and audio applications as well (such as jackstart, with the dpkg-statoverride as above). Debian packaging policy (usr/share/doc/debian-policy/policy.html/ch-files.html#s10.9) says to have root.root and rwxr-xr-w perms. But in this case I am thinking that (with suid bit), it is better to have an "audio" group and "other" only readable. Is this sensible or off base for a debian package? Is there a policy for audio apps in this regard? If applicable, this would also apply to ardour and many others I guess. ?? Hope that's not too many Qs for one email. (BTW, Stefan, why does jackstart use "capabilities" (and therefore not work with my kernel), and jackd I can use --realtime option and it (seems to) works?) thanks zen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
