From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 27 09:12:19 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7569B16A403 for ; Tue, 27 Jun 2006 09:12:19 +0000 (UTC) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E17243D70 for ; Tue, 27 Jun 2006 09:12:14 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (localhost [127.0.0.1]) by comp.chem.msu.su (8.13.4/8.13.3) with ESMTP id k5R9C7MB037785; Tue, 27 Jun 2006 13:12:08 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.13.4/8.13.3/Submit) id k5R9C6ZJ037784; Tue, 27 Jun 2006 13:12:06 +0400 (MSD) (envelope-from yar) Date: Tue, 27 Jun 2006 13:12:06 +0400 From: Yar Tikhiy To: mal content Message-ID: <20060627091206.GB36941@comp.chem.msu.su> References: <8e96a0b90606220747vf80e805k650518981bde754@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8e96a0b90606220747vf80e805k650518981bde754@mail.gmail.com> User-Agent: Mutt/1.5.9i Cc: freebsd-hackers@freebsd.org Subject: Re: Real time privileges for non-root users X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jun 2006 09:12:19 -0000 On Thu, Jun 22, 2006 at 03:47:44PM +0100, mal content wrote: > Hello. > > Is it possible to grant real-time privileges to ordinary > users (not root) under FreeBSD? I'm doing some audio > work and I'd like to give real time privileges to my user id. While I can't think of an existing user-friendly solution, you can use available tools and interfaces to satisfy your needs. The easiest, but not the smartest, way is to use rtprio(1). >From rtprio(2): Realtime and idle priority is inherited through fork() and exec(). That is, you can start a shell with higher real-time priority, and it will hand its priority down to its children: $ su # rtprio 1 su yourself A smarter way is to use login.conf(5). Idle or real-time priority can be set for a login class, but the feature doesn't seem to be documented anywhere except in the code itself. The respective block from src/lib/libutil/login_class.c is as follows: /* Set the process priority */ if (flags & LOGIN_SETPRIORITY) { p = login_getcapnum(lc, "priority", LOGIN_DEFPRI, LOGIN_DEFPRI); if(p > PRIO_MAX) { rtp.type = RTP_PRIO_IDLE; rtp.prio = p - PRIO_MAX - 1; p = (rtp.prio > RTP_PRIO_MAX) ? 31 : p; if(rtprio(RTP_SET, 0, &rtp)) syslog(LOG_WARNING, "rtprio '%s' (%s): %m", pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS); } else if(p < PRIO_MIN) { rtp.type = RTP_PRIO_REALTIME; rtp.prio = abs(p - PRIO_MIN + RTP_PRIO_MAX); p = (rtp.prio > RTP_PRIO_MAX) ? 1 : p; if(rtprio(RTP_SET, 0, &rtp)) syslog(LOG_WARNING, "rtprio '%s' (%s): %m", pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS); } else { if (setpriority(PRIO_PROCESS, 0, (int)p) != 0) syslog(LOG_WARNING, "setpriority '%s' (%s): %m", pwd->pw_name, lc ? lc->lc_class : LOGIN_DEFCLASS); } } Can you grok it? ;-) -- Yar