| 1 |
200621 Piotr Karbowski wrote: |
| 2 |
> Title: xorg-server dropping default suid |
| 3 |
... |
| 4 |
> The Gentoo X11 Team is announcing that starting with 15th of July, |
| 5 |
> the x11-base/xorg-server will no longer default to suid |
| 6 |
> and will default to using logind interface instead. This change |
| 7 |
> makes xorg-server run as regular user rather than root by default, |
| 8 |
> however those who do not have any logind interface provider |
| 9 |
> -- either systemd or elogind -- will need to enable either |
| 10 |
> to make it possible to run X session as unprivileged user. |
| 11 |
> No action is required from systemd and desktop profile users, |
| 12 |
> since systemd provides logind interface |
| 13 |
> and desktop profile already enables 'elogind' USE flag globally. |
| 14 |
> Rest of the non-systemd users is required to globally enable |
| 15 |
> 'elogind' USE flag and apply it by 'emerge --newuse @world', |
| 16 |
> after which, re-login is required so that PAM can allocate seat. |
| 17 |
> One can confirm that a seat has been assigned upon login by running: |
| 18 |
> $ loginctl user-status |
| 19 |
> Those who for whatever reason want to preserve current state, |
| 20 |
> while heavily discouraged, |
| 21 |
> can still use x11-base/xorg-server with 'suid -elogind'. |
| 22 |
|
| 23 |
Gentoo Wiki says : |
| 24 |
|
| 25 |
elogind is the systemd project's logind, extracted to a standalone package. |
| 26 |
It's designed for users who prefer a non-systemd init system, |
| 27 |
but still want to use popular software such as KDE/Wayland or GNOME |
| 28 |
that otherwise hard-depends on systemd. |
| 29 |
|
| 30 |
startx integration : To have an elogind session created |
| 31 |
when using startx to start the X server (instead of a display manager), |
| 32 |
add the following to the user's ~/.xinitrc file : FILE ~/.xinitrc |
| 33 |
exec dbus-launch --exit-with-session <WINDOW_MANAGER> |
| 34 |
WINDOW_MANAGER in the above example needs to be replaced |
| 35 |
by a window manager or a single application. |
| 36 |
|
| 37 |
I want to use 'startx' to start X , because I don't want to be trapped |
| 38 |
if some problem arises with X or KDE or the login manager |
| 39 |
& I need to change config files or remerge pkgs (etc) to rescue myself. |
| 40 |
With 'startx' I can do all that work from raw TTYs with no problems, |
| 41 |
as I am not forced to go into an X session if I don't want to. |
| 42 |
|
| 43 |
I don't want to use 'systemd', as I want to run a traditional UNIX version |
| 44 |
of Linux + KDE (or Fluxbox) for a simple single-user desktop system. |
| 45 |
|
| 46 |
Why is running 'xorg-server' as root "heavily discouraged" ? |
| 47 |
-- I've been doing that with Gentoo for > 16 yr without any problems. |
| 48 |
AFAIK there are no problems re exploits via I/net browsers, |
| 49 |
which are started by my user as all such user software always is. |
| 50 |
What might go wrong, if I continue to 'startx' |
| 51 |
with 'xorg-server' merged with 'suid -elogind' |
| 52 |
& without the '.xinitrc' line show above in the Wiki ? |
| 53 |
|
| 54 |
Are there any other Gentoo users who have the same preferences as me ? |
| 55 |
|
| 56 |
-- |
| 57 |
========================,,============================================ |
| 58 |
SUPPORT ___________//___, Philip Webb |
| 59 |
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto |
| 60 |
TRANSIT `-O----------O---' purslowatcadotinterdotnet |
Archives