Multiplexing Access to Audio Hardware via a Single PulseAudio Server
The goal of this setup is to create a single pulseaudio service which
has sole access to the audio hardware while providing a server for many
clients to use. This is not using the system wide mode as it
doesn’t run as root, nor does it use the
One disadvantage of this arrangement is the commands
will no longer work when run as your user. Both rely on the user dbus
session instead of the socket for communicating with the pulseaudio
daemon. To work around this issue one can run the respective commands as
pulseaudio user instead, e.g.
sudo -u pulseaudio pactl info.
We’ll use the pulseaudio group as authentication, users in the pulseaudio group have permission to use and interact with the pulseaudio server via a unix socket.
# groupadd pulseaudio
The pulseaudio user is both a member of the pulseaudio group to provide
appropriate permissions on the socket pulseaudio creates and as a member
of the audio group for access to the sound hardware (
Make the pulseaudio user a member of any additional groups such as
for bluetooth functionality.
We also create pulseaudio’s home directory as it will need to store state files and databases.
# useradd -g pulseaudio -G audio -s /bin/nologin -m pulseaudio
/etc/pulse/default.pa to load the native protocol module
auth-group mechanism which implicitly sets
true. The published
/tmp/pulseserver socket will be owned by the
pulseaudio user and pulseaudio group.
load-module module-native-protocol-unix auth-group=pulseaudio socket=/tmp/pulseserver
/etc/pulse/daemon.conf we need to prevent the server from exiting
after an idle timeout, setting
exit-idle-time to a negative value
disables this feature.
/etc/pulse/client.conf we configure the
point to the
/tmp/pulseserver socket for all clients to use. This can be
overridden on a per-user basis via local
client.conf configuration or
Additionally we disable the
autospawn (mis)feature as systemd (or any
supervisor) can manage this requirement in a consistent and reliable
default-server = unix:/tmp/pulseserver autospawn = no
For access to the
/tmp/pulseserver socket add your user to the
# gpasswd -a USER pulseaudio
Finally create a systemd unit or runit service to run the pulseaudio server as the pulseaudio user.
[Unit] Description=Sound Server [Service] User=pulseaudio ExecStart=/usr/bin/pulseaudio Restart=on-failure [Install] WantedBy=sound.target
#!/bin/sh exec chpst -u pulseaudio pulseaudio 2>&1