1 |
200621 Piotr Karbowski wrote: |
2 |
> Title: xorg-server dropping default suid |
3 |
... |
4 |
> The Gentoo X11 Team is announcing that starting with 15th of July, |
5 |
> the x11-base/xorg-server will no longer default to suid |
6 |
> and will default to using logind interface instead. This change |
7 |
> makes xorg-server run as regular user rather than root by default, |
8 |
> however those who do not have any logind interface provider |
9 |
> -- either systemd or elogind -- will need to enable either |
10 |
> to make it possible to run X session as unprivileged user. |
11 |
> No action is required from systemd and desktop profile users, |
12 |
> since systemd provides logind interface |
13 |
> and desktop profile already enables 'elogind' USE flag globally. |
14 |
> Rest of the non-systemd users is required to globally enable |
15 |
> 'elogind' USE flag and apply it by 'emerge --newuse @world', |
16 |
> after which, re-login is required so that PAM can allocate seat. |
17 |
> One can confirm that a seat has been assigned upon login by running: |
18 |
> $ loginctl user-status |
19 |
> Those who for whatever reason want to preserve current state, |
20 |
> while heavily discouraged, |
21 |
> can still use x11-base/xorg-server with 'suid -elogind'. |
22 |
|
23 |
Gentoo Wiki says : |
24 |
|
25 |
elogind is the systemd project's logind, extracted to a standalone package. |
26 |
It's designed for users who prefer a non-systemd init system, |
27 |
but still want to use popular software such as KDE/Wayland or GNOME |
28 |
that otherwise hard-depends on systemd. |
29 |
|
30 |
startx integration : To have an elogind session created |
31 |
when using startx to start the X server (instead of a display manager), |
32 |
add the following to the user's ~/.xinitrc file : FILE ~/.xinitrc |
33 |
exec dbus-launch --exit-with-session <WINDOW_MANAGER> |
34 |
WINDOW_MANAGER in the above example needs to be replaced |
35 |
by a window manager or a single application. |
36 |
|
37 |
I want to use 'startx' to start X , because I don't want to be trapped |
38 |
if some problem arises with X or KDE or the login manager |
39 |
& I need to change config files or remerge pkgs (etc) to rescue myself. |
40 |
With 'startx' I can do all that work from raw TTYs with no problems, |
41 |
as I am not forced to go into an X session if I don't want to. |
42 |
|
43 |
I don't want to use 'systemd', as I want to run a traditional UNIX version |
44 |
of Linux + KDE (or Fluxbox) for a simple single-user desktop system. |
45 |
|
46 |
Why is running 'xorg-server' as root "heavily discouraged" ? |
47 |
-- I've been doing that with Gentoo for > 16 yr without any problems. |
48 |
AFAIK there are no problems re exploits via I/net browsers, |
49 |
which are started by my user as all such user software always is. |
50 |
What might go wrong, if I continue to 'startx' |
51 |
with 'xorg-server' merged with 'suid -elogind' |
52 |
& without the '.xinitrc' line show above in the Wiki ? |
53 |
|
54 |
Are there any other Gentoo users who have the same preferences as me ? |
55 |
|
56 |
-- |
57 |
========================,,============================================ |
58 |
SUPPORT ___________//___, Philip Webb |
59 |
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto |
60 |
TRANSIT `-O----------O---' purslowatcadotinterdotnet |