Music Player Deamon - running as multimedia / security related.
 

In the Mpd config file it is recommended to run the deamon as a non-privelegied account. I made a mpdplayer account, but I realize that I need to change permissions on a bunch of files including the/var/lib directorie.

Is this correct? Should I really change permissions to /var/lib directorie? Or is there another way of doing this?

You can create a directory for the playlists and the error logs that is not in /var/. I use /usr/share/mpd for mine, which is the default on Gentoo.

That's what my mpd.conf looks like. The logging doesn't go through syslog, so it isn't that big of a problem. The only issue I had was making it so that mpd could access the sound devices. I definitely wouldn't run mpd on a multiuser box that has ssh access from people who may enjoy playing pranks. Heh.

But I still have to give this user write privelegies to /usr/share? Wouldn't that be the same as giving write permissions to /var/lib?

I will only give this particular user access to the service and I will password protect it somehow.

You only have to give the user access to the directory, not the root directory. of it. So you would just have /usr/share setup normally and create a subdirectory under it allowing the user for mpd write access.

I made a group multimedia, neverthless I forgot to give my user multimedia group access to multimedia. So it works now.

Thanks a lot.

You were saying something about granting access to audio devices as this user.

I made a group audio and give it access a group to /dev/dsp, /dev/mixer and /dev/snd/*. Then I added the user group access to audio. Is this a good solution?

And last: In system-config-users in Fedora Core 2 you can choose primary group, what is this?