1 |
23.07.2020 22:25, Neil Bothwick пишет: |
2 |
> On Thu, 23 Jul 2020 15:15:04 +0300, i.Dark_Templar wrote: |
3 |
> |
4 |
>> With x11-base/xorg-server-1.20.8[elogind,suid] I could just do "sudo -i |
5 |
>> -u another-user DISPLAY= XAUTHORITY= startx $application $app_args -- |
6 |
>> :$nextdisplay" from running X11 session and get myself a separate new |
7 |
>> X11 session running from different user. |
8 |
>> |
9 |
>> With x11-base/xorg-server-1.20.8-r1[elogind,suid] it is also possible to |
10 |
>> do this if line 'allowed_users = anybody' is added to file |
11 |
>> '/etc/X11/X11/Xwrapper.config'. |
12 |
>> |
13 |
>> But with x11-base/xorg-server-1.20.8-r1[elogind,-suid] I couldn't make a |
14 |
>> similar setup to work. I've tried adding options '-keeptty' or 'vt?' or |
15 |
>> both, but all I get are errors like these: |
16 |
>> |
17 |
>> Fatal server error: |
18 |
>> (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied) |
19 |
> |
20 |
> Is your new user a member of the tty group? |
21 |
> |
22 |
> |
23 |
|
24 |
No. Should I add every user I wish to allow running Xorg without suid in |
25 |
such setup to tty group? I don't like such idea. Currently, there are no |
26 |
users in this group. Granting a user permissions to control every tty |
27 |
looks like an overkill and an insecure setting. |
28 |
|
29 |
I'm not trying to fix this setup at any cost. I'm trying to figure out |
30 |
if it's possible to do this without suid and I'm just missing something, |
31 |
or if I should stick to suid for my use-case. |