| 1 |
On Wed, Jul 22, 2020 at 02:29:48AM -0000, Grant Edwards wrote |
| 2 |
> On 2020-07-22, Walter Dnes <waltdnes@××××××××.org> wrote: |
| 3 |
> > |
| 4 |
> > According to news item https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html |
| 5 |
> > |
| 6 |
> > * xorg-server will no longer be "suid" *BY DEFAULT* |
| 7 |
> > * that means *THE DEFAULT* is to require a logind server like systemd |
| 8 |
> > or elogind |
| 9 |
> > |
| 10 |
> > The news item also says... |
| 11 |
> > |
| 12 |
> >> Users who do not wish to use logind interface or have rare hardware |
| 13 |
> >> that does not use KMS and because of that, require root privileges |
| 14 |
> >> to operate, can manually re-enable 'suid' and disable 'elogind' USE |
| 15 |
> >> flags in order to preserve the previous behavior. |
| 16 |
> |
| 17 |
> Yes, that's what I did months ago, and everything worked fine with |
| 18 |
> Xorg using the "suid" flag and without consolekit or elogind -- until |
| 19 |
> this morning, when pam refused to upgrade unless I set the elogind USE |
| 20 |
> flag. |
| 21 |
|
| 22 |
The news item said that to retain old behaviour you need to do *BOTH* |
| 23 |
- set x11-base/xorg-server suid (which I did in package.use) |
| 24 |
- set "-elogind" (which I did in USE in make.conf) |
| 25 |
|
| 26 |
BTW, I have pam totally masked out... |
| 27 |
|
| 28 |
[i660][root][~] cat /etc/portage/package.mask/package.mask |
| 29 |
sys-apps/pv |
| 30 |
sys-auth/pambase |
| 31 |
sys-libs/pam |
| 32 |
virtual/pam |
| 33 |
|
| 34 |
Years ago, back when pam was default on the Gentoo install, it was to |
| 35 |
many users what HAL was to Dale, causing problems galore. The root of |
| 36 |
the problem was that pam provided "enhanced security" for some apps by |
| 37 |
changing to a different config file for the app, using different config |
| 38 |
specs. You could run "man <appname>" and do all the Google searches you |
| 39 |
wanted, but you always ended up with instructions for configuring the |
| 40 |
"un-pam-ified" version, not the "pam-ified" version. "Everything you |
| 41 |
know is wrong". So I fell into the habit of removing pam right after |
| 42 |
installation. |
| 43 |
|
| 44 |
And the reason I mask out "sys-apps/pv" is because too many times when |
| 45 |
I want to run "emerge -pv <appname>" I did "emerge pv <appname>" which |
| 46 |
has a *TOTALLY* different meaning. |
| 47 |
|
| 48 |
-- |
| 49 |
Walter Dnes <waltdnes@××××××××.org> |
| 50 |
I don't run "desktop environments"; I run useful applications |
Archives