| 1 |
23.07.2020 22:25, Neil Bothwick пишет: |
| 2 |
> On Thu, 23 Jul 2020 15:15:04 +0300, i.Dark_Templar wrote: |
| 3 |
> |
| 4 |
>> With x11-base/xorg-server-1.20.8[elogind,suid] I could just do "sudo -i |
| 5 |
>> -u another-user DISPLAY= XAUTHORITY= startx $application $app_args -- |
| 6 |
>> :$nextdisplay" from running X11 session and get myself a separate new |
| 7 |
>> X11 session running from different user. |
| 8 |
>> |
| 9 |
>> With x11-base/xorg-server-1.20.8-r1[elogind,suid] it is also possible to |
| 10 |
>> do this if line 'allowed_users = anybody' is added to file |
| 11 |
>> '/etc/X11/X11/Xwrapper.config'. |
| 12 |
>> |
| 13 |
>> But with x11-base/xorg-server-1.20.8-r1[elogind,-suid] I couldn't make a |
| 14 |
>> similar setup to work. I've tried adding options '-keeptty' or 'vt?' or |
| 15 |
>> both, but all I get are errors like these: |
| 16 |
>> |
| 17 |
>> Fatal server error: |
| 18 |
>> (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied) |
| 19 |
> |
| 20 |
> Is your new user a member of the tty group? |
| 21 |
> |
| 22 |
> |
| 23 |
|
| 24 |
No. Should I add every user I wish to allow running Xorg without suid in |
| 25 |
such setup to tty group? I don't like such idea. Currently, there are no |
| 26 |
users in this group. Granting a user permissions to control every tty |
| 27 |
looks like an overkill and an insecure setting. |
| 28 |
|
| 29 |
I'm not trying to fix this setup at any cost. I'm trying to figure out |
| 30 |
if it's possible to do this without suid and I'm just missing something, |
| 31 |
or if I should stick to suid for my use-case. |
Archives