23.07.2020 22:25, Neil Bothwick пишет: > On Thu, 23 Jul 2020 15:15:04 +0300, i.Dark_Templar wrote: > >> With x11-base/xorg-server-1.20.8[elogind,suid] I could just do "sudo -i >> -u another-user DISPLAY= XAUTHORITY= startx $application $app_args -- >> :$nextdisplay" from running X11 session and get myself a separate new >> X11 session running from different user. >> >> With x11-base/xorg-server-1.20.8-r1[elogind,suid] it is also possible to >> do this if line 'allowed_users = anybody' is added to file >> '/etc/X11/X11/Xwrapper.config'. >> >> But with x11-base/xorg-server-1.20.8-r1[elogind,-suid] I couldn't make a >> similar setup to work. I've tried adding options '-keeptty' or 'vt?' or >> both, but all I get are errors like these: >> >> Fatal server error: >> (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied) > > Is your new user a member of the tty group? > >
No. Should I add every user I wish to allow running Xorg without suid in such setup to tty group? I don't like such idea. Currently, there are no users in this group. Granting a user permissions to control every tty looks like an overkill and an insecure setting. I'm not trying to fix this setup at any cost. I'm trying to figure out if it's possible to do this without suid and I'm just missing something, or if I should stick to suid for my use-case.
