1 |
On Wed, Jul 22, 2020 at 02:29:48AM -0000, Grant Edwards wrote |
2 |
> On 2020-07-22, Walter Dnes <waltdnes@××××××××.org> wrote: |
3 |
> > |
4 |
> > According to news item https://www.gentoo.org/support/news-items/2020-06-24-xorg-server-dropping-default-suid.html |
5 |
> > |
6 |
> > * xorg-server will no longer be "suid" *BY DEFAULT* |
7 |
> > * that means *THE DEFAULT* is to require a logind server like systemd |
8 |
> > or elogind |
9 |
> > |
10 |
> > The news item also says... |
11 |
> > |
12 |
> >> Users who do not wish to use logind interface or have rare hardware |
13 |
> >> that does not use KMS and because of that, require root privileges |
14 |
> >> to operate, can manually re-enable 'suid' and disable 'elogind' USE |
15 |
> >> flags in order to preserve the previous behavior. |
16 |
> |
17 |
> Yes, that's what I did months ago, and everything worked fine with |
18 |
> Xorg using the "suid" flag and without consolekit or elogind -- until |
19 |
> this morning, when pam refused to upgrade unless I set the elogind USE |
20 |
> flag. |
21 |
|
22 |
The news item said that to retain old behaviour you need to do *BOTH* |
23 |
- set x11-base/xorg-server suid (which I did in package.use) |
24 |
- set "-elogind" (which I did in USE in make.conf) |
25 |
|
26 |
BTW, I have pam totally masked out... |
27 |
|
28 |
[i660][root][~] cat /etc/portage/package.mask/package.mask |
29 |
sys-apps/pv |
30 |
sys-auth/pambase |
31 |
sys-libs/pam |
32 |
virtual/pam |
33 |
|
34 |
Years ago, back when pam was default on the Gentoo install, it was to |
35 |
many users what HAL was to Dale, causing problems galore. The root of |
36 |
the problem was that pam provided "enhanced security" for some apps by |
37 |
changing to a different config file for the app, using different config |
38 |
specs. You could run "man <appname>" and do all the Google searches you |
39 |
wanted, but you always ended up with instructions for configuring the |
40 |
"un-pam-ified" version, not the "pam-ified" version. "Everything you |
41 |
know is wrong". So I fell into the habit of removing pam right after |
42 |
installation. |
43 |
|
44 |
And the reason I mask out "sys-apps/pv" is because too many times when |
45 |
I want to run "emerge -pv <appname>" I did "emerge pv <appname>" which |
46 |
has a *TOTALLY* different meaning. |
47 |
|
48 |
-- |
49 |
Walter Dnes <waltdnes@××××××××.org> |
50 |
I don't run "desktop environments"; I run useful applications |