sudo: get sound playback running as another user
I block all Internet traffic for my kids’ Linux accounts using iptables. Sometimes I want to allow them to use one program or another. In such cases I enable them to run that programs as another(unlimited) user via sudoers. This time I tried to enable them to use translate-shell and mpg123 for playing sounds/pronouncing translated words:
kiddy ALL= (daddy) NOPASSWD: /usr/bin/trans
However running sudo -u daddy trans en:he -speak -player mpg123 apple as kiddy user shows correct translation in the terminal but doesn’t play the sound, stating: "Voice output isn’t available for English". Once I log in as daddy in Gnome and run the same command: trans en:he -speak -player mpg123 apple – everything works as expected and I get both the textual translation and the sound playback. Both users belong to the audio group. I tried this approach but id didn’t help. I am on Debian 12 and neither on Wayland nor on Xorg there is no file $HOME/.Xauthority which was used for that solution…
How can I cause the translate-shell to playback audio via sudo as another user?
Audio devices on modern system are managed by pipewire which has a socket in your /run/user directory. In order for the sudo:ed process to access the current session’s pipewire instance, you would need to allow it access to the socket $XDG_RUNTIME_DIR/pipewire-0. The socket itself is normally open to anyone, but $XDG_RUNTIME_DIR is not.
A command sequence that would work would be
chmod a+x $XDG_RUNTIME_DIR
sudo -u daddy XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR trans en:he -speak -player mpg123 apple
Do consider, however, that you are opening $XDG_RUNTIME_DIR to anyone here which you might not want.
Based on Göran Uddeborg’s answer I did this:
- chmod 705 $XDG_RUNTIME_DIR
- using
sudo visudoI added these lines:
Defaults:kiddy env_keep += "XDG_RUNTIME_DIR"
kiddy ALL= (daddy) NOPASSWD: /usr/bin/trans
Now it works!