On Oct 20 Takashi Sakamoto wrote:
When using polkit correctly, I guess users doesn't need to join in 'audio' group, so as PulseAudio achieved with polkit.
With regard to access to /dev/fw* files, this is true with the existing FFADO rules too. 60-ffado.rules sets ENV{ID_FFADO}="1", and consolekit's 70-udev-acl.rules recognizes ID_FFADO and runs udev-acl on the device.
(I.e. the current "console" owner is granted access to the character device file via access control list (ACL), which is a mechanism in parallel to Unix permission flags.)
The console owner policy and ACL mechanism are not a complete replacement for the group mechanism though: - There may be headless systems and other occasions at which the audio user is not console owner. - Processes involved in capture or playback, i.e. applications beyond mixers, may require realtime scheduling class privilege and memlocking privilege, which are traditionally configured for Unix groups and users (typically for a group). Not sure whether a mechanism exists which can implement a console owner policy for realtime and memlock privileges.