On 25/08/2019 18:26, Ken Moffat via blfs-dev wrote: > On Sun, Aug 25, 2019 at 02:41:17PM +0200, Pierre Labastie via blfs-dev wrote: >> On 25/08/2019 04:56, DJ Lucas via blfs-dev wrote: >>> >>> >>> On 8/24/2019 9:53 PM, Ken Moffat via blfs-dev wrote: >>>> Not sure how any of this fits with Pierre's earlier observation >>>> about multiple users on the same machine, and frankly that part is >>>> not my problem. Now I really WILL step away from the machine. >>>> >>>> Goodnight, thanks for the assistance. >>> Goodnight. Thanks for the assistance. I think ultimately we go back to >>> setuid >>> Xorg for now. We'll see what happens from there. >>> >> >> Well, I won't oppose that, although I do not like it: on this system, apart >> from the keyboard issue with gdm, I have all DE's working (not tested >> thoroughly, though), with a non suid Xorg and mountcgroupfs disabled. >> > > Hi Pierre, > > I agree that going back to setuid seems unnecessary. > > Are you in the wheel group ? > >> For the permissions: as soon a logind is started it adds some ACL's to >> /dev/dri/card0 for the logged in user (even if logged in on the console, I >> think): for example: >> >> $ getfacl /dev/dri/card0 >> # file: dev/dri/card0 >> # owner: root >> # group: video >> user::rw- >> user:pierre:rw- >> group::rw- >> mask::rw- >> other::--- >> >> So no need to belong to the video group. >> > > At the moment I'm on the old machine, where I was intending to get > the mouse working - but I think I've got hardware failures (on > recent systems, Xorg comes up with a resolution which the monitor > doesn't support and the log shows modelines only for 1024x768 and > lower). > > On the pre-9.0 system on my haswell I'll explore membership of the > wheel group. > >> Note that the ACL is not changed if you do 'su - new-user'. >> >> OTOH, for the /dev/input/* files, their permissions do not seem to be >> changed. >> But I can tell you that I have functional keyboard and mouse, without >> belonging to the input group. >> >> Pierre > > My _current_ understanding is that with the whole elogind stack, > polkit provides the authorization for /dev/input/ but only for admin > users, and an admin user appears to mean anybody in the wheel group. >
I've added myself to the wheel group to see if it could change something for the gdm problem. But before that, I've been able to start X without belonging to this group several times before (and during my first adventures with gdm too). So no, I do not think you need to belong to an administrative group to access /dev/input/xxx. Actually, I don't think polkit is involved for accessing those: it is the whole purpose of dbus to provide access to hardware devices for normal users. I've not read the whole thread in details (have been out of town for a day and a half), so you may already have tried this, but I would suggest that you try to recompile elogind, Xorg libraries, and then dbus again. Pierre -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
