1 |
Title: xorg-server dropping default suid |
2 |
Author: Piotr Karbowski <slashbeast@g.o> |
3 |
Posted: 2020-06-22 |
4 |
Revision: 2 |
5 |
News-Item-Format: 2.0 |
6 |
Display-If-Installed: x11-base/xorg-server |
7 |
|
8 |
Starting 2020-07-15, x11-base/xorg-server will default to using the |
9 |
logind interface instead of suid by default. resulting in better |
10 |
security by default through running the server as a regular user instead |
11 |
of root. However, this will require our users to use a logind provider |
12 |
such as elogind or systemd. The systemd users and those who are not |
13 |
using systemd but use desktop profiles can stop reading here, as they |
14 |
already have a logind provider enabled. |
15 |
|
16 |
Others, who have neither systemd or desktop profiles enabled will be |
17 |
required to globally enable 'elogind' USE flag and update the system |
18 |
|
19 |
# emerge --newuse @world |
20 |
|
21 |
Afterwards, one will need to re-login, so the PAM can assign a seat. One |
22 |
can confirm that a seat has been assigned upon login by running: |
23 |
|
24 |
$ loginctl user-status |
25 |
|
26 |
Users who do not wish to use logind interface or have rare hardware that |
27 |
does not use KMS and because of that, require root privileges to |
28 |
operate, can manually re-enable 'suid' and disable 'elogind' USE flags |
29 |
in order to preserve the previous behavior. However, please note that |
30 |
this is heavily discouraged to run X server as root due to security |
31 |
reasons. The 'suid' USE flag will remain as optional opt-in for the need |
32 |
of legacy hardware. |