You are not logged in.

Pages: 1

#1 2013-10-24 15:38:43

mbrown
Member
Registered: 2008-11-09
Posts: 10

[SOLVED] Annoying mpd permissions issue

If the "mpd" user is in the group "multimedia", and the
"multimedia" group has rwx access to a music directory (and
parent directories) and files, shouldn't that mean the
mpd process can access the music directory and read files
within it?

It seems not.

I am getting a permissions error when starting mpd, and
playback of music is impossible... (details below)

-----

mpd is configured to run as user "mpd" with group "audio" (group "audio" to give access to the sound device files in /dev/snd belonging to group "audio" and needed for music playback):

$ egrep '^user|group|music_directory' /etc/mpd.conf
music_directory "/mm/music"
user "mpd"
group "audio"

User "mpd" is a member of both the "audio" and "multimedia" groups:

$ groups mpd
audio multimedia mpd

My music directory and it's parent directories are accessible to group "multimedia", of which user "mpd" is a member, so theoretically mpd should have no access issues:

$ namei -l /mm/music/
f: /mm/music/
drwxr-xr-x root root       /
drwxrwx--- root multimedia mm
drwxrwx--- root multimedia music

However, I get a permission error when starting mpd, and can't play any music!

# /usr/bin/mpd --no-daemon  /etc/mpd.conf
Failed to stat directory "/mm/music": Permission denied

---

EDIT: SOLVED

The issue was with supplementary group permissions. The following line in /etc/mpd.conf was responsible for the permissions problem:

group "mpd"

When started using the above config, the mpd process doesn't have the mpd user's supplementary group access rights (see the "-" in the line below), just the "mpd" group and that's it:

$ ps -eo user,group,supgrp,args | grep mpd                                                                                                                                                                                
mpd      mpd      -                            /usr/bin/mpd --no-daemon

Removing the 'group "mpd"' line in /etc/mpd.conf solves the issue and allows the mpd process to run with the mpd user's supplementary group access rights:

$ ps -eo user,group,supgrp,args | grep mpd                                                                                                                                                                                
mpd      mpd      mpd,audio,multimedia         /usr/bin/mpd --no-daemon

Last edited by mbrown (2013-10-24 19:41:41)

Offline

Pages: 1

Board footer

Powered by FluxBB