On Sun, 2020-06-21 at 22:09 +0200, Piotr Karbowski wrote:
> Hi,
> Re-sending news item inline.
> ###
> Title: xorg-server dropping default suid
> Author: Piotr Karbowski <slashbe...@gentoo.org>
> Posted: 2020-06-22
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: x11-base/xorg-server
> The Gentoo X11 Team is announcing that starting with 15th of July,
> the x11-base/xorg-server will no longer default to suid and will default
> to using logind interface instead. This change makes xorg-server run as
> regular user rather than root by default, however, those who do not have
> any logind interface provider (either systemd or elogind) will need to
> enable either to make it possible to run X session as unprivileged user.

No offense but it sounds a little chaotic to me.  How about something

Starting 2020-07-15 [use ISO dates, please], x11-base/xorg-server will
default to using logind interface instead of suid by default. It will
result in ... [what? better security?] through running the server
as a regular user instead of root. However, this will require our users
to use a logind provider such as elogind or systemd.

> No action is required from systemd and desktop profile users, since
> systemd provides logind interface, and desktop profile already enables
> 'elogind' USE flag globally.
> Rest of the non-systemd users is required to globally enable 'elogind'

The remaining users are ... 'elogind' [or 'systemd'?]

> USE flag and apply it by 'emerge --newuse @world'

Cut sentence here.

> , after which, re-login
> is required so that PAM can allocate seat.

Afterwards, ...

> One can confirm that a seat has been assigned upon login by running:
>     $ loginctl user-status
> Those who for whatever reason want to preserve current state, while
> heavily discourage, can still use x11-base/xorg-server with 'suid -elogind'.

'whatever reason' doesn't sound professional.  How about:

Users who do not wish to use logind interface can manually reenable
'suid' flag in order to preserve the previous behavior. However, please
note that this is heavily discouraged... [maybe explain why? also, are
we going to eventually remove it?]

Best regards,
Michał Górny

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to