TL;DR I am trying to make aplay play a wav file. This requires the current user to be in the audio group. It works fine when I invoke it from a logged in user, even when I su -u www-data but the nginx/php-fpm environment strips the all important audio group from the www-data user and then it fails.
Now for the tedious stuff.
I have the following bash script working fine for my login user who has the audio group:
#!/bin/bash
# the user invoking aplay must be added to the audio group eg: 
# sudo groupmod -a -U $USER audio
echo "playing sound"
ls -al $(dirname $0)/sounds/$1.wav
echo "User: $USER Groups: `groups`"
aplay -vl
echo "aplay -vl returned $?"
aplay -v -D dmix:CARD=Device,DEV=0 $(dirname $0)/sounds/$1.wav
echo "aplay -v -D dmix:CARD=Device,DEV=0... returned $?"
echo "done"
So far so good. Now I want to run it from my nginx/php-fpm website. The server is running as user www-data so I added that to the audio group and verified with
sudo -u www-data groups
output is
www-data audio
So I am confident that www-data has the right group. My website invokes the above bash script using PHP's shell_exec() like this:
shell_exec($_SERVER['DOCUMENT_ROOT']."/play.sh somesound 2>&1 >> /tmp/output");
which means it logs to its own file while I am testing. I get the following output in the /tmp/output file:
playing sound
-rw-rw-r-- 1 www-data www-data 3714092 Oct  7 11:05 /var/www/backend-php/sounds/somesound.wav
User: www-data Groups: www-data
aplay -vl returned 0
aplay -v -D dmix:CARD=Device,DEV=0... returned 1
done
This tells me two things. First, the groups listed do not include audio and second the status from the second aplay command is 1, which is probably because of the missing audio group. Also, it goes without saying, there is no sound. The first aplay command is querying for devices and appears to find none, which is different to what I see when I run it from my logged in user.
I also ran it with a little php jacket that looks like this:
<?php
$output = shell_exec('/var/www/backend-php/play.sh somesound');
echo "<pre>$output</pre>";
?>
I copied that into the /var/www/backend-php directory and invoked it with:
sudo -u www-data php /var/www/backend-php/test.php
And that worked. It also logged that the audio group is present on www-data. This shows that the problem is not file permissions etc, it is something about losing the audio group when invoked by the nginx/php-fpm environment.
So my question is: what happened to that audio group? Why doesn't it appear for the same user when invoked under nginx/php-fpm?
For completeness: this is Debian 13 (trixie) running on a Beaglebone. I've actually had it running just fine on this machine for a while under Debian 12, including the sound. But I've recently reinstalled from scratch. Everything else is working fine, but not the sound. I'm using php8.4-fpm and nginx 1.26.3-3+deb13u1. There is a good chance there is some configuration step I forgot this time around.
Thanks for any help.