I'm looking to run programs as another user on my Ubuntu MATE 20.04 system without making any persistent system changes such as setting up a systemwide daemon or editing configuration files. The programs are one-off instances, run via ssh or su.
I have granted access to the display server by running xhost +si:localuser:$altaccount, and sent the pulse cookie across via pax11publish -S /run/user/$UID/pulse/native -e.
I then went to give the other user physical access to the socket:
setfacl -m u:$altaccount:x /run/user/$UID /run/user/$UID/pulse
setfacl -m u:$altaccount:rw /run/user/$UID/pulse/native
setfacl -m m::x /run/user/$UID /run/user/$UID/pulse
It worked as expected, but I have to re-run the last command once every few hours as the null ACL mask keeps coming back, even without logging out or rebooting the system—I want the changes to be ephemeral, but not that ephemeral: they should last until I log out.
Does PulseAudio have a "properly supported" way to grant access to other local users ephemerally? I don't want to make any lasting system changes; config drift is a pox and I hate keeping track of every little "tweak" I've made to the system that might have unexpected interactions, complications, or conflicts with other things I try to do in the future.