sudo: get sound playback running as another user
I block all Internet traffic for my kids’ Linux accounts using iptables. Sometimes I want to allow them to use one program or another. In such cases I enable them to run that programs as another(unlimited) user via sudoers. This time I tried to enable them to use translate-shell and
mpg123 for playing sounds/pronouncing translated words:
kiddy ALL= (daddy) NOPASSWD: /usr/bin/trans
sudo -u daddy trans en:he -speak -player mpg123 apple as
kiddy user shows correct translation in the terminal but doesn’t play the sound, stating: "Voice output isn’t available for English". Once I log in as
daddy in Gnome and run the same command:
trans en:he -speak -player mpg123 apple – everything works as expected and I get both the textual translation and the sound playback. Both users belong to the
audio group. I tried this approach but id didn’t help. I am on Debian 12 and neither on Wayland nor on Xorg there is no file
$HOME/.Xauthority which was used for that solution…
How can I cause the translate-shell to playback audio via sudo as another user?
Audio devices on modern system are managed by pipewire which has a socket in your
/run/user directory. In order for the sudo:ed process to access the current session’s pipewire instance, you would need to allow it access to the socket
$XDG_RUNTIME_DIR/pipewire-0. The socket itself is normally open to anyone, but
$XDG_RUNTIME_DIR is not.
A command sequence that would work would be
chmod a+x $XDG_RUNTIME_DIR sudo -u daddy XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR trans en:he -speak -player mpg123 apple
Do consider, however, that you are opening
$XDG_RUNTIME_DIR to anyone here which you might not want.
Based on Göran Uddeborg’s answer I did this:
- chmod 705 $XDG_RUNTIME_DIR
sudo visudoI added these lines:
Defaults:kiddy env_keep += "XDG_RUNTIME_DIR" kiddy ALL= (daddy) NOPASSWD: /usr/bin/trans
Now it works!