On Sun, 2020-06-21 at 22:09 +0200, Piotr Karbowski wrote:
> Hi,
>
> Re-sending news item inline.
>
> ###
>
> Title: xorg-server dropping default suid
> Author: Piotr Karbowski <slashbe...@gentoo.org>
> Posted: 2020-06-22
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: x11-base/xorg-server
>
> The Gentoo X11 Team is announcing that starting with 15th of July,
> the x11-base/xorg-server will no longer default to suid and will default
> to using logind interface instead. This change makes xorg-server run as
> regular user rather than root by default, however, those who do not have
> any logind interface provider (either systemd or elogind) will need to
> enable either to make it possible to run X session as unprivileged user.

No offense but it sounds a little chaotic to me. How about something
like:

Starting 2020-07-15 [use ISO dates, please], x11-base/xorg-server will
default to using logind interface instead of suid by default. It will
result in ... [what? better security?] through running the server as
a regular user instead of root. However, this will require our users to
use a logind provider such as elogind or systemd.

> No action is required from systemd and desktop profile users, since
> systemd provides logind interface, and desktop profile already enables
> 'elogind' USE flag globally.
>
> Rest of the non-systemd users is required to globally enable 'elogind'

The remaining users are ... 'elogind' [or 'systemd'?]

> USE flag and apply it by 'emerge --newuse @world'

Cut sentence here.

> , after which, re-login
> is required so that PAM can allocate seat.

Afterwards, ...

>
> One can confirm that a seat has been assigned upon login by running:
>
> $ loginctl user-status
>
> Those who for whatever reason want to preserve current state, while
> heavily discourage, can still use x11-base/xorg-server with 'suid -elogind'.

'whatever reason' doesn't sound professional. How about:

Users who do not wish to use logind interface can manually reenable
'suid' flag in order to preserve the previous behavior. However, please
note that this is heavily discouraged... [maybe explain why? also, are
we going to eventually remove it?]

-- 
Best regards,
Michał Górny