On Fri, Jul 10, 2020 at 03:13:55PM +0300, Alexey Mishustin wrote: > пт, 10 июл. 2020 г. в 08:27, Walter Dnes <waltd...@waltdnes.org>: > > > 2) When building xorg-server I got a news item about the "suid" flag > > soon no longer being default for xorg-server. I forced it manually on > > my laptop and desktop. The other 3 options were... > > > > * systemd... no thanks. > > * elogind... with PAM doing the authentication... no thanks. I've > > tangled with PAM in the past once too often. > > * some memory-heavy "desktop environment" on my 3-gigs-ram-laptop... > > no thanks. > > There is a way to run rootless X without elogind: > > For Nouveau and Intel video cards except xorg modesetting driver: > https://wiki.gentoo.org/wiki/Non_root_Xorg > > For AMD video cards and/or xorg modesetting driver: > https://forums.gentoo.org/viewtopic-t-1092792-start-0.html
There was some debate on Gentoo-Dev regarding this a while ago ([1] is the discussion, and [2] is the final announcement). It was suggested in [3] that disabling `suid` is a step forward, as running X as root is "anti-pattern", which is probably correct for most cases. Nonetheless, as you do not want to use any of the proposed alternatives (XDM or `startx` with systemd/elogind), just re-enable `suid` and use X as it always has been used in the past, however "anti-UNIX" that may be. The other fundamental reason for this change was security. As described by Dale in [4], from a user's perspective, it should be a reasonable expectation that the defaults, especially for such a widely used package, are secure. [1] https://archives.gentoo.org/gentoo-dev/message/58660319f295f643ae89946d49e0156e [2] https://archives.gentoo.org/gentoo-dev/message/b44d49d7a92e01ce97338e9087ec9323 [3] https://archives.gentoo.org/gentoo-dev/message/6ce49ea52cbb9a1452e30d4b91f7b27c [4] https://archives.gentoo.org/gentoo-dev/message/30b71b916288d028f0557c7c44891f82 -- Ashley Dixon suugaku.co.uk 2A9A 4117 DA96 D18A 8A7B B0D2 A30E BF25 F290 A8AA
signature.asc
Description: PGP signature
