0

I block all Internet traffic for my kids' Linux accounts using iptables. Sometimes I want to allow them to use one program or another. In such cases I enable them to run that programs as another(unlimited) user via sudoers. This time I tried to enable them to use translate-shell and mpg123 for playing sounds/pronouncing translated words:

kiddy ALL= (daddy) NOPASSWD: /usr/bin/trans

However running sudo -u daddy trans en:he -speak -player mpg123 apple as kiddy user shows correct translation in the terminal but doesn't play the sound, stating: "Voice output isn't available for English". Once I log in as daddy in Gnome and run the same command: trans en:he -speak -player mpg123 apple - everything works as expected and I get both the textual translation and the sound playback. Both users belong to the audio group. I tried this approach but id didn't help. I am on Debian 12 and neither on Wayland nor on Xorg there is no file $HOME/.Xauthority which was used for that solution...

How can I cause the translate-shell to playback audio via sudo as another user?

Improve this question

3 Answers 3

Reset to default
1

Audio devices on modern system are managed by pipewire which has a socket in your /run/user directory. In order for the sudo:ed process to access the current session's pipewire instance, you would need to allow it access to the socket $XDG_RUNTIME_DIR/pipewire-0. The socket itself is normally open to anyone, but $XDG_RUNTIME_DIR is not.

A command sequence that would work would be

chmod a+x $XDG_RUNTIME_DIR sudo -u daddy XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR trans en:he -speak -player mpg123 apple

Do consider, however, that you are opening $XDG_RUNTIME_DIR to anyone here which you might not want.

Improve this answer
3
  • 1
    thank you! Is adding write permissions w indeed needed? Commented Sep 9, 2023 at 19:12
  • chmod 705 $XDG_RUNTIME_DIR seems to be enough, but setting $XDG_RUNTIME_DIR inside sudo cause it to complain and exit. Commented Sep 9, 2023 at 20:28
  • Good point, others don't need w, nor r for that matter. I updated the suggestion for any future visitors. If the group or others need the extra x bit depends on if kiddy and daddy share any group or not. You could have had a family group! :-) Commented Sep 10, 2023 at 20:38
0

Based on Göran Uddeborg's answer I did this:

  1. chmod 705 $XDG_RUNTIME_DIR
  2. using sudo visudo I added these lines:
Defaults:kiddy env_keep += "XDG_RUNTIME_DIR" kiddy ALL= (daddy) NOPASSWD: /usr/bin/trans

Now it works!

Improve this answer
0

The XDG_RUNTIME_DIR instruction did not get me the end result, but a much simpler and neater instruction did:

 $ sudo adduser user audio $ sudo adduser user pulse $ sudo adduser user pulse-access

Here, the user would be the daddy from the original answer, where the kiddy wants to sudo execute an app as a daddy, and have audio working.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.