On Sat, Jun 06, 2009 at 11:10:29PM -0400, Nick Guenther wrote:
> On Sat, Jun 6, 2009 at 3:18 PM, Alexandre Ratchov<a...@caoua.org> wrote:
> > On Fri, Jun 05, 2009 at 06:02:01PM -0400, Ryan Flannery wrote:
> >> With the recent work done to the audio system on OpenBSD, a buddy of
> >> mine and I figured it should be easy to set up two-way voice-chat
> >> between two OpenBSD clients using nothing more than aucat(1) and
> >> ssh(1). As we found out, it is both very easy and very usable! We
> >> have telephone-quality chatting working with a <= 1 second delay in
> >> the audio (after a few minutes of chatting, this is unnoticeable).
> >>
> >> First, a hearty thanks to Jacob Meuser and the other OpenBSD
> >> developers who have worked hard on this recently. Your efforts are
> >> both noticed and greatly appreciated.
> >>
> >> Second, I have a couple of questions...
> >>
> >> 1. We, the two users chatting (users neal and ryan) have ssh accounts
> >> on each other's machines. To voice-chat with each other, what we did
> >> boils down to the following:
> >>
> >>   ryan# aucat -l
> >>   ryan# aucat -o - | ssh r...@neals-machine aucat -i -
> >>
> >> User neal would do the same, only to my (ryan's) machine.
> >> When aucat is run in server-mode ('aucat -l') it creates a socket in
> >> "/tmp/aucat-USERID/default" where USERID is the uid of the user who
> >> ran the command (aucat -l). For another user (neal) to bind to this
> >> socket, we had to make this socket available to the other user, namely
> >>
> >>   ryan# grep ryan /etc/passwd
> >>     (find ryan's uid, call it RYANSID)
> >>   ryan# grep neal /etc/passwd
> >>     (find neal's uid, call it NEALSID)
> >>   ryan# aucat -l
> >>   ryan# cd /tmp/
> >>   ryan# chmod 755 aucat-RYANSID
> >>   ryan# ln -s aucat-RYANSID aucat-NEALSID
> >>
> >
> > if you use hard links instead of soft links, you can
> > ``share'' your socket with another user without changing the
> > socket directory permissions (so you avoid giving it to all
> > users).
> >
>
> Classy! I was looking for a way to do this but the manpage didn't
> mention anything.
>
> >> Neal would do the same on his machine, only reversed.
> >> Question: is it possible to run aucat(1) in such a way that the socket
> >> it creates is 'global', such that other users can connect to it?
> >> A quick perusing of the man/archives and the source says no... but I
> >> may be missing something.
> >>
> >
> > no, there's no way for that. Even if we start supporting
> > ``shared sockets'' (i hope so), they will not be usable
> > simultaneously by multiple users (to avoid eavesdropping).
> > Fine grained access control might solve this problem, but is
> > too complicated and outside the scope of aucat.
> >
> What good are shared sockets if they aren't usable simultaneously??
>
> use case: I'm always wanting to set up an audio-studio box, and right
> now aucat lets me, but what if I want to have myself and a hundred of
> my closest friends play a midi-orchestra all routed through the one
> box with everyone running their own session on a (remote) frontend? I
> could just make a shared 'music' account but that's a workaround for
> an awkward system.

you could do this more easily with jackd/netjack.

> Please, don't necessarily make a -g(lobal) flag for aucat, but don't
> restrict its flexibility by forcing restrictions in the name of
> security. The OS is perfectly competent at handling security with file
> permissions like it's designed to. Just add a way for each user to
> specify what socket they want sndio to talk to? Like a /etc/sndiorc
> and ~/.sndiorc pair. Then to make a global socket you would set it in
> your global /etc/sndiorc and then sound would Just Work for every user
> and you'd only have to start aucat -l once, but users would still have
> to be in the audio group or whatever to use this.

so, by default, it would work for no one. I really don't like
such solutions.

> Conversely, if
> you're actually worried about eavesdropping you can run aucat -l like
> usual.

I think most people don't realise how easy it is to eavesdrop
(or even that it's possible).

> Actually, you could hack this now: make an 'audio' user, at boot do
> "sudo -u audio aucat -l" and also create links to the socket that made
> for each user on the system. I don't know what's worse: recreating
> links at each boot or having to have a config file.

config file and the extra code/complexity it would force onto
everyone, imo.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
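
An added example, not part of the thread and not OpenBSD's own code: a small audit for the `chmod 755` plus symlink workaround described above. It flags aucat socket directories that are symlinks, that grant any group/other access, or that are not owned by the uid in their name. It assumes the `/tmp/aucat-USERID` layout stated in the thread; the function name and output labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit per-user aucat socket directories for sharing
# workarounds that expose one user's audio socket to other local users.
# Assumption: directories are named aucat-UID under a base dir (default
# /tmp), as described in the thread.

audit_aucat_dirs() {
    base=${1:-/tmp}
    for entry in "$base"/aucat-*; do
        # An unmatched glob stays literal; skip it, but keep dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        uid=${entry##*/aucat-}

        # A symlink such as aucat-NEALSID -> aucat-RYANSID points one
        # user's clients at another user's socket directory.
        if [ -L "$entry" ]; then
            echo "SYMLINK $entry"
            continue
        fi

        # ls -ldn prints the mode string (field 1) and numeric owner
        # (field 3) on both BSD and GNU userlands.
        set -- $(ls -ldn "$entry")
        mode=$1 owner=$3

        # Characters 5-10 of the mode string are the group/other bits;
        # anything set there (e.g. after chmod 755) opens the directory.
        case $(printf '%s' "$mode" | cut -c5-10) in
            ------) ;;
            *) echo "OPEN $entry $mode" ;;
        esac

        # The directory name should match the uid that owns it.
        [ "$owner" = "$uid" ] || echo "OWNER $entry owned-by=$owner expected=$uid"
    done
}

# Stand-alone use: audit the directory given as $1, or /tmp by default.
audit_aucat_dirs "$@"
```

A hard-linked socket inside another user's own mode-700 directory, as suggested in the thread, is not reported by this check.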