Pulseaudio in system-wide mode

How it works and what is benefit of this setup
1) I can log on to GUI / KDE plasma as normal user eg. FRANTA, everything runs under FRANTA’s account – sound works
2) from command-line or from created .desktop shortcut, I execute some application, which will be running under different account from FRANTA, app examples : firefox, WINE – OUR AIM is to have properly working sound also for those apps


we need to configure pulseaudio to run in so called system-wide setup – thanks to this, pulseaudio (when properly configured) will be available for multiple selected/allowed users – see below (***)
pulseaudio itself will run under account “pulse”

So check is user “pulse” exists, if not then create it, user “pulse” must be member of group “audio”

[09:53:08] root@localhost ~# id pulse
uid=171(pulse) gid=171(pulse) groups=171(pulse),63(audio)


Config file /etc/pulse/daemon.conf :

system-instance = yes

Delete file /etc/pulse/system.pa and create symlink /etc/pulse/system.pa -> /etc/pulse/default.pa

Config file /etc/pulse/default.pa :

load-module module-native-protocol-unix auth-group-enable=true auth-group=pulse-access socket=/tmp/pulse-socket

Config file /etc/pulse/client.conf :

default-server = unix:/tmp/pulse-socket
(***) Allowed users

Every user that is intended to have properly working sound = access to pulseaudio, must be added to group “pulse-access” (if not existing create it)

[09:53:11] root@localhost ~# grep pulse-acc /etc/group

Warning, because pulseaudio now operates/runs under account “pulse”, some commands stop working under root account eg. pactl command for managing pulseaudio. Solution to bypass this limitation:

su -s /bin/bash pulse -
pactl list
sudo -u pulse sh -c "pactl list"


Sound volume control (utility pavucontrol) works in KDE and under FRANTA account properly as FRANTA is member of “pulse-access” group and utility pavucontrol is capable of finding out how to connect to pulseaudio thanks to configuration in /etc/pulse/client (line default-server)

Sometimes it is also needed to setup the way how pulseaudio itself is started on boot via systemd, because in default pulseaudio is started for logged on user via some socket

So i created custome pulseaudio .service file – /etc/systemd/system/pulseaudio.service :


ExecStartPre=/bin/rm -f /root/.config/pulse/*
ExecStart=/bin/pulseaudio --realtime --daemonize



systemctl enable /etc/systemd/system/pulseaudio.service
systemctl start /etc/systemd/system/pulseaudio.service
[14:30:55] root@localhost ~# ps -ef | grep pulse
pulse 1248 1 2 06:08 ? 00:13:53 /bin/pulseaudio --realtime --daemonize
pulse 1297 1248 0 06:08 ? 00:00:00 /usr/libexec/pulse/gconf-helper


Check if all mountpoints are in read-write mode

If you work with servers  that use SAN storages yo uprobably know this scenario – one or more paths got temporarily offline. After all paths are online again you need to be sure that all filesystems are accessible and are still in read-write mode. You can easily check it using commands below:


FILE=readwrite.check; for i in `mount | awk ' $5!~/(proc|sysfs|devpts|tmpfs|debugfs|usbfs|subfs|binfmt_misc|rpc_pipefs|nfsd|vxodmfs|securityfs|fusectl|oracleasmfs)/ {print $3}'`; do echo "======== $i ========"; echo "Objects in folder: $(ls -la $i | wc -l)"; echo "rw check" > $i/$FILE; ls -la $i/$FILE; rm -f $i/$FILE; echo; done;


FILE=readwrite.check; for i in `mount | awk '$3 !~/procfs/ {print $2}'`; do echo "======== $i ========"; echo "Objects in folder: $(ls -la $i | wc -l)"; echo "rw check" > $i/$FILE; ls -la $i/$FILE; rm -f $i/$FILE; echo; done


FILE=readwrite.check; for i in `mount | awk ' $3!~/(fd|ctfs|sharefs|objfs|mnttab|devices|proc|sharetab)/ {print $1}'`; do echo "======== $i ========"; echo "Objects in folder: $(ls -la $i | wc -l)"; echo "rw check" > $i/$FILE; ls -la $i/$FILE; rm -f $i/$FILE; echo; done

OpenSSL heartbleed bug

New vulnerability in widely used OpenSSL was detected. Vulnerability is know as Heartbleed bug. OpenSSL 1.0.1 before 1.0.1g are vulnerable. Thanks to good work of people in RedHat (special thank you goes to Tomas Mraz, Senior programmer in RedHat) and CentOS community, quick workaround was published for commonly used OpenSSL 1.0.1e. We are looking forward for release of OpenSSL 1.0.1g.

Don't hesitate to patch your servers….