[ardour-users] FIFO and running as root.

Mark Knecht markknecht at gmail.com
Sat Apr 22 10:55:51 PDT 2006 

On 4/22/06, Jan Depner <eviltwin69 at cableone.net> wrote:
> On Sat, 2006-04-22 at 14:07 +1000, chris simpson wrote:
> > My current setup is an Athlon 2100+ XP, 1GB 2700DDR ram, delta 44,
> > running fc5, 2.6.15 vanilla kernel with RT patch and jack using ramfs.
> > After hacking for a number of weeks, ardour is now kicking the pants
> > off anything I could achieve in the windows realm with the same
> > equipment.
> >
> > My problem though (not that it has posed a great problem yet), is I
> > have to run all these applications as root. Basically, jack (or
> > qjackctl) can't setup FIFO stacks (on ramfs) as a non-root user. This
> > affects any jack clients as well, because unless they're also root,
> > they can't connect to jack. Is there a great danger in running audio
> > applications as root, and if so, how can you allow FIFO stacks to be
> > setup by a non-root user?
> >
>
>     I'll probably get shouted down for saying this but I run my audio
> apps as root and see no major problem with doing that.  I log in to
> whatever window manager I want as a normal user but I have a number of
> icons set up to run the audio applications as root.  This means that I
> have to type in the password for each app but they're usually up for the
> duration so it's no big deal.  If I'm running a recording session with a
> full band I'll log in as root to fluxbox but I have a script that shuts
> down all extraneous applications (including the network, actually my
> qjackctl startup script checks to see if I'm running the WM as root and
> shuts down the network).
>
>     It seems to me that there is a lot of angst about running
> applications as root.  As long as you aren't surfing the web or running
> applications that you don't trust you should be OK.  Of course, if you
> want to allow multiple users to run JACK, etc, then you have to worry
> about how to allow that but if you're the only user on your system, like
> me, you shouldn't have to worry about it.
>
>
> --
> Jan 'Evil Twin' Depner

Jan,

ON THE PLAYER: Karmacode by Lacuna Coil

   I would never shout you down. I don't personally think there's all
that much risk of you doing big damage with today's audio applications
that are well known and quite stable. However I wouldn't do it myself.
I run nothing as root except when configuring the machine. My /boot
partition is automatically unmounted at boot time. I change my root
password on a regular basis. Call me paranoid. Here's why...

   While it's not happened yet (TTBOMK) when, at some future date,
some unknown developer in the future will potentially get pissed at
the world because of something sad that's happened in his life. This
developer may decide to take revenge by placing a 'rm -rf *' somewhere
in his application that we've all been using for a long time, not to
be triggered until a specific time. At that point many people get
hurt. Do you have off machine back-ups of all audio projects and
everything else you need? If you do you're a star. If not, then the
question is how much are we willing to have that heinous sort of act
take out?

   Maybe it's not an audio app. I don't know....maybe it's a library
that everything uses. These things come from directions only the truly
disturbed can imagine. I cannot even guess the possibilities.

   There is so much generosity in Open Source. So much community, so
much kinship and so much that is just plain good about all the people
here. I've not been around anything that has remained so positive for
so long. However this can lead to complacency and I *personally* think
that running everything as root fits this picture. One of these days
something is going to change. I don't know how it will appear, but
like most places I'm pretty sure it will someday. Someone is going to
do something bad. I don't want to be hurt by something foolish like
that happening so I do my financial work in a separate account on the
same computer as my audio work. If someone in one area takes out
everything in one account at least basic file system permissions will
protect my other work.

   I have to trust that the kernel/file system developers won't let
this happen to Linux overall. Since that's a process that goes through
a lot of review it seems unlikely there's much risk at the system
level. I worry a bit more about this in Gentoo since so much code is
downloaded and built without really understanding the security process
for grabbing code, but I do know that the Gentoo devs depend on a very
slight bit of 'it didn't break anything in the last 30 days' testing
before they mark it as stable. That's not much protection for my
financial records.

   Just my 2 cents. While unlikely that this will EVER happen, why
take the chance?

   Today I'm recording on an AMD64 running a stock Gentoo 2.6.16
kernel with none of Ingo's realtime-preempt mods. I'm using
realtime-lsm as a standard user, running Jack apps at 64/2 with two
external 1394 audio drives and an HDSP 9652. I have no xruns. Why
should I run audio apps as root? If you haven't experienced this level
of performance from Linux yet, due to not upgrading your kernel, or
distro specific issues, I think you will soon. It's coming. Linux is
kicking ass. At the point you experience this you might consider
changing your procedures. Until then the risks are certainly low that
you'll have problems.

ON THE PLAYER: SMPTe by Transatlantic

Cheers,
Mark

More information about the Ardour-Users mailing list