You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2011-01-16 16:48:56
- rubenvb
- Member
- Registered: 2011-01-14
- Posts: 99
rootless X
I have read that in other distro's it us possible to run X as a user and that this increases security. How can I do this in Arch?
Thanks!
Offline
#2 2011-01-16 17:03:10
- cesura
- Package Maintainer (PM)
- From: Tallinn, Estonia
- Registered: 2010-01-23
- Posts: 1,867
Re: rootless X
I have read that in other distro's it us possible to run X as a user and that this increases security. How can I do this in Arch?
Thanks!
# adduser
# cp /root/.xinitrc /home/newuser/.xinitrc
$ su newuser
$ startxOffline
#3 2011-01-16 17:45:08
- karol
- Archivist
- Registered: 2009-05-06
- Posts: 25,440
Re: rootless X
rubenvb wrote:I have read that in other distro's it us possible to run X as a user and that this increases security. How can I do this in Arch?
Thanks!
# adduser # cp /root/.xinitrc /home/newuser/.xinitrc $ su newuser $ startx
cp /etc/skel/.xinitrc /home/newuser/.xinitrc+ make needed changes.
If you copy from /root, the file should still belong to root. And my root doesn't have one to begin with.
You really shouldn't run X or GUI apps as root :-) What made you think you should?
Edit: typo + grammar.
Last edited by karol (2011-01-16 17:51:29)
Offline
#4 2011-01-16 17:48:40
- cesura
- Package Maintainer (PM)
- From: Tallinn, Estonia
- Registered: 2010-01-23
- Posts: 1,867
Re: rootless X
itsbrad212 wrote:rubenvb wrote:I have read that in other distro's it us possible to run X as a user and that this increases security. How can I do this in Arch?
Thanks!
# adduser # cp /root/.xinitrc /home/newuser/.xinitrc $ su newuser $ startxcp /etc/skel/.xinitrc /home/newuser/.xinitrc+ make needed changes.
If you copy from /root, the file should still belong to root. And I my root doesn't have one to begin with.
And you shouldn't really run X or GUI apps as root :-) What made you think you should?
I always use root just to test the X server for the first time. 
'Cause I'm lazy.
Offline
#5 2011-01-16 17:52:23
- Coacher
- Guest
Re: rootless X
[coacher@Photon ~]$ ls -la /usr/bin/Xorg
-rwsr-xr-x 1 root root 1938024 Ноя 2 01:30 /usr/bin/Xorg
Anyway X will have 'root' owner when running, because of SetUID bit. And I guess this is the thing OP interested in.
#6 2011-01-16 17:54:16
- fsckd
- Forum Fellow
- Registered: 2009-06-15
- Posts: 4,173
Re: rootless X
Seriously?
itsbrad212 and karol: give us the output of ps aux | grep X | grep root
On my system, Xorg is suid to root by installation. Is this not true for you guys?
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
#7 2011-01-16 17:57:59
- patroclo7
- Member
- From: Bassano del Grappa, ITALY
- Registered: 2006-01-11
- Posts: 915
Re: rootless X
Yes, it is suid to root even if you use startx as a user.
To run without suid, Xorg needs to be patched and configured with a certain flag. Moreover it is possible only for KMS-enabled drivers. Thsi thread from the gentto forums has some not very up-to-date infos:
http://forums.gentoo.org/viewtopic-t-81 … art-0.html
Last edited by patroclo7 (2011-01-16 18:03:09)
Mortuus in anima, curam gero cutis
Offline
#8 2011-01-16 18:00:26
- Coacher
- Guest
Re: rootless X
OP should look here for some info
http://www.phoronix.com/scan.php?page=n … &px=ODIzNQ
https://wiki.ubuntu.com/X/Rootless
http://lwn.net/Articles/341033/
Last edited by Coacher (2011-01-16 18:01:04)
#9 2011-01-16 18:03:36
- karol
- Archivist
- Registered: 2009-05-06
- Posts: 25,440
Re: rootless X
Seriously?
itsbrad212 and karol: give us the output of ps aux | grep X | grep root
On my system, Xorg is suid to root by installation. Is this not true for you guys?
Umm, yeah, it is, sorry.
I have mixed up X and startx / .xinitrc.
<looks menacingly at Brad>
I've read headlines like "A Root-less X Server Nears Reality" but I don't know anything more so I will just shut p.
Offline
#10 2011-01-16 18:55:14
- rubenvb
- Member
- Registered: 2011-01-14
- Posts: 99
Re: rootless X
@all: yes, the phoronix and Ubuntu links are what I'm after.
I seem to have forgotten that NVIDIA proprietary drivers aren't very KMS-friendly. (note to self: must get good ATI/AMD laptop).
I take it that Arch doesn't make the whole KMS/root-less X a default in any way?
Thanks
Offline
#11 2011-01-16 19:00:13
- Gusar
- Member
- Registered: 2009-08-25
- Posts: 3,605
Re: rootless X
I seem to have forgotten that NVIDIA proprietary drivers aren't very KMS-friendly. (note to self: must get good ATI/AMD laptop)
Not a problem. The nvidia blob hasn't required root for a long time now. And getting a laptop with AMD graphics would be a mistake IMO, nvidia's driver is still by far the best.
Last edited by Gusar (2011-01-16 19:02:03)
Offline
#12 2011-01-16 19:01:53
- Mr Green
- Forum Fellow
- From: U.K.
- Registered: 2003-12-21
- Posts: 5,896
- Website
Re: rootless X
https://wiki.archlinux.org/index.php/The_Arch_Way
Your system your rules
Nothing is done by default you are in control
Welcome to Arch
Mr Green
Offline
#13 2011-01-16 19:29:00
- rubenvb
- Member
- Registered: 2011-01-14
- Posts: 99
Re: rootless X
@Gusar: please explain "the nvidia binary blob has not required root for a long time". Reading the Archlinux wiki on KMS says different... and the NVIDIA page doesn't even mention KMS.
@Mr Green: I understand that, but when you step back and think about it: a lot of things have a lot of default settings and most of them are very good. (well, just speaking out of experience here , sidux/aptosid was pretty much the same, except they were more out-of-date and very scared of non-debian packages)
Offline
#14 2011-01-16 21:22:19
- cesura
- Package Maintainer (PM)
- From: Tallinn, Estonia
- Registered: 2010-01-23
- Posts: 1,867
Re: rootless X
fsckd wrote:Seriously?
itsbrad212 and karol: give us the output of ps aux | grep X | grep root
On my system, Xorg is suid to root by installation. Is this not true for you guys?
Umm, yeah, it is, sorry.
I have mixed up X and startx / .xinitrc.
<looks menacingly at Brad>I've read headlines like "A Root-less X Server Nears Reality" but I don't know anything more so I will just shut p.
Son of a....
In my own defense, the question was ambiguous.
Offline
#15 2011-01-16 21:59:51
- Gusar
- Member
- Registered: 2009-08-25
- Posts: 3,605
Re: rootless X
@Gusar: please explain "the nvidia binary blob has not required root for a long time". Reading the Archlinux wiki on KMS says different...
That page merely states that the nvidia driver doesn't use KMS (note, this doesn't mean the driver doesn't do modesetting in the kernel. it does).
The nvidia driver is a whole different animal from the open source stack. Whenever you read about implementations that the open drivers use (TTM/GEM, DRI2, KMS, AIGLX, etc, etc) is has no bearing at all on the nvidia driver. The nvidia driver needs to be evaluated completely separately, because it uses it's own implementations of pretty much everything.
Offline
Pages: 1