[SOLVED] Getting Rootless Xorg Working in Slackware-current
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The result was as expected: after startx X running as $USER. Upon killing X I was returned to tty1, all well and good.
After the recent change "--enable-systemd-logind" I returned to the latest distro xorg-server with the "chmod 755 /usr/libexec/Xorg*".
X running as $USER: very good. However, upon killing X and return to tty, I have no backlight.
Has anyone else encountered this? And does anyone know the original permissions for /usr/libexec/Xorg as I would like to change back for testing purposes.
The result is still no backlight on tty upon killing X. Interesting! The only other changes to xorg are the security fixes, but I doubt they have anything to do with it.
For some reason X is taking the backlighting with it. I'll test with rebuiling the xorg-server with the extra disabled items.
Thanks again.
EDIT: upon second thought those simply remove the suid which is the purpose of the chmod 755 I am supposing.
The 'video' group is a complete mess anyway. It is used not only for graphics rendering hardware /dev/dri/*, /dev/fb*, but also for V4L devices such as tv-tuners, capture cards, webcams, which a user would require access to. This is not good priv-sep. IMO there really should be a 'dri' group for the graphics hardware to separate it from the stuff it is reasonable for users to have access to.
Maybe this is something that can be cleaned-up post 15.0?
OK, I have a new question. Many years ago when I last installed, I hit the up arrow when creating $USER which automatically added me to the following groups:
Code:
users lp floppy audio video cdrom plugdev power netdev scanner
Is this deprecated since the introduction of elogind? If so can someone advise me of which groups I should remove myself from?
@ceed
Depends on your usage, try to make a user with just a default group 'users' and see what breaks.
For me it's OK with just that one group, but if you want additional hardware support you may have to add another group to your user.
At least that's how it used to work, no idea if elogind changes anything.
The 'video' group is a complete mess anyway. It is used not only for graphics rendering hardware /dev/dri/*, /dev/fb*, but also for V4L devices such as tv-tuners, capture cards, webcams, which a user would require access to. This is not good priv-sep. IMO there really should be a 'dri' group for the graphics hardware to separate it from the stuff it is reasonable for users to have access to.
Maybe this is something that can be cleaned-up post 15.0?
The groups and priv seperation being a mess is actually what elogind is supposed to fix =P. Honestly, and this is a controversial opinion maybe, I think logind is one of the few good things that came out of systemd.
The groups and priv seperation being a mess is actually what elogind is supposed to fix =P.
Except it doesn't fix it while a single group still controls access to both V4L devices and DRI devices.
To avoid an unnecessary extra group, perhaps making the dri devices root:root and then letting the user access be granted to them though the ACL's that logind applies as part of its seat management would work.
Except it doesn't fix it while a single group still controls access to both V4L devices and DRI devices.
To avoid an unnecessary extra group, perhaps making the dri devices root:root and then letting the user access be granted to them though the ACL's that logind applies as part of its seat management would work.
Thank you @elcore for you good advise. I've removed my $USER from all those extra groups with no obvious ill-effect. I remember now that the "up arrow thing" is an option given when creating a user with adduser. I wonder why it gives that option, of bulk adding the user to those groups, when it's not necessary? Interesting...
Mon Dec 27 23:06:00 UTC 2021
The --enable-systemd-logind change to xorg-server that caused resume from
suspend regressions (and others) has been reverted, and in retrospect it was
a bad idea to take it at that point, but it had appeared as if it wouldn't
cause problems in the case where Xorg was running as root. Oh well, lesson
learned. But the build script has been enhanced to make it easy to build
rootless versions of the xorg-server packages. Just do this:
ROOTLESSX=YES ./x11.SlackBuild xserver xorg-server
Depending on your GPU, this could work for your use case with no problems.
Also, I've gone ahead and taken a couple of shared library version bumps since
the projects (opencv and poppler) have decent track records as far as not
introducing regressions, and if there are any, we've got time to test and fix.
I'm still avoiding some things that aren't as trusted in that regard, and will
likely continue to do so. :-)
So from this, I gather that you still have to recompile xorg for rootless as it is not set by default...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.