The goal of this setup is to create a single pulseaudio service which has sole
access to the audio hardware while providing a server for many clients to use.
This is not using the system wide mode as it doesn’t run as root,
nor does it use the --system
flag.
One disadvantage of this arrangement is that the commands pacmd
and pactl
will no longer work when run as your user. Both rely on the user dbus session
instead of the socket for communicating with the pulseaudio daemon. To work
around this issue one can run the respective commands as the pulseaudio
user
instead, e.g. sudo -u pulseaudio pactl info
.
The pulseaudio group is used for authentication such that users in the pulseaudio group have permission to use and interact with the pulseaudio server via a unix socket.
# groupadd pulseaudio
The pulseaudio user is both a member of the pulseaudio group to provide
appropriate permissions on the socket pulseaudio creates and as a member
of the audio group for access to the sound hardware (/dev/snd*
).
Optionally add the pulseaudio user to any additional groups such as lp
for
bluetooth functionality.
Then create pulseaudio’s home directory as it will be needed to store state files and databases.
# useradd -g pulseaudio -G audio -s /bin/nologin -m pulseaudio
Configure /etc/pulse/default.pa
to load the native protocol module using the
auth-group
mechanism which implicitly sets auth-enable-group
to true
. The
published /tmp/pulseserver
socket will be owned by the pulseaudio user and
pulseaudio group.
load-module module-native-protocol-unix auth-group=pulseaudio socket=/tmp/pulseserver
Prevent the server from exiting after an idle timeout by editting
/etc/pulse/daemon.conf
and changing the exit-idle-time
setting to a
negative value to disable this feature.
exit-idle-time=-1
Lastly in /etc/pulse/client.conf
configure the default-server
to point to
the /tmp/pulseserver
socket for clients to use. This can be overridden on a
per-user basis via local client.conf
configuration or using the
PULSE_SERVER
environment.
Additionally disable the autospawn
(mis)feature as systemd (or any
supervisor) can manage this requirement more consistently.
default-server = unix:/tmp/pulseserver autospawn = no
For access to the /tmp/pulseserver
socket add your user to the pulseaudio
group.
# gpasswd -a USER pulseaudio
Finally create a systemd unit or runit service to run the pulseaudio server as the pulseaudio user.
[Unit]
Description=Sound Server
[Service]
User=pulseaudio
ExecStart=/usr/bin/pulseaudio
Restart=on-failure
[Install]
WantedBy=sound.target