Support non-root X
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Light Display Manager | | Wishlist | Unassigned | |
| lightdm (Debian) | Confirmed | Unknown | | |
| lightdm (Fedora) | Confirmed | Undecided | | |
| lightdm (Ubuntu) | | Wishlist | Unassigned | |
Bug Description
Support running X as an unprivileged user.
Currently X servers are run as root, which means a large, complex process has access to services it might not need (i.e. potential security and stability problems). It would be nice to run each X server as either an unprivileged user or in the session they are being used in.
Logind provides a system for sharing access to the display and input devices so this can be done - this seems like the most likely implementation of non-root X.
For more information see Hans de Goede's request:
http://
| Yves-Alexis Perez (corsac) wrote : | #1 |
| Guido Berhoerster (gber) wrote : | #2 |
Ditto for openSUSE. Once upstream Xorg/systemd supports this most Linux distros will probably make use of it.
| | #15 |
Hi,
Please add support for starting X inside a user session, so the Xorg can work without being suid root, for more details see:
https:/
An upstream bug for this is here:
https:/
Thanks & Regards,
Hans
| Pablo Lezaeta (jristz) wrote : | #3 |
Pieces of code for making X11 rootless and drivers are being merged, so the need to support a minimum for rootless X11 in the near future is obvious.
Arch devs say that they are simply waiting for full upstream support.
| quequotion (quequotion) wrote : | #4 |
Looking forward to seeing this implemented someday.
| Yves-Alexis Perez (corsac) wrote : | #5 |
Hey Robert,
Is there any progress on this? X in Debian is no longer setuid-root so it'd be nice to be able to launch it as non-root too.
| Robert Ancell (robert-ancell) wrote : | #6 |
I'm not currently working on this but I'm happy to review any patches. Any more details on exactly how this should work would be useful here.
| Hans de Goede (j-w-r-degoede) wrote : | #7 |
Hi,
What is necessary for X to be able to run as non-root is for the display manager to allocate a tty for it, set that up with all the normal tty setup bits (proper permissions, create a new sid for the session), and then start "X" on that tty inside the new session. Note this session should also be properly registered with systemd, but pam should take care of that for you when you log in the user through pam; I guess pam probably also creates a new sid for you. X cannot do this itself when not running as root.
Basically you want to duplicate the tty setup + login logic of "getty + login"; currently X runs fine as non-root from a simple text login + startx.
You may also want to talk to Ray Strode who has made the necessary changes for this for gdm.
Regards,
Hans
| Laércio de Sousa (lbssousa) wrote : | #8 |
How would this affect non-VT Xorg instances (e.g. non-seat0 Xorg ones or other ones with a video driver which sets HW_SKIP_CONSOLE)?
| Hans de Goede (j-w-r-degoede) wrote : | #9 |
Non-seat0 Xorg servers are usually started with -sharevts or some such, and in that case the tty setup does not matter. They do still need to be started inside a session registered with systemd-logind for their seat.
Note AFAIK no-one has tested non seat0 with non-root X yet, but it should work.
| Laércio de Sousa (lbssousa) wrote : | #10 |
Hans,
Just a note: since release 1.16, non-seat0 Xorg servers no longer need -sharevts, since they don't touch VTs. You've reviewed and committed my patch, do you remember? :-)
Unfortunately I can't test non-root Xorg in non-seat0 case, because my secondary graphics card doesn't have DRM/KMS drivers.
| Hans de Goede (j-w-r-degoede) wrote : | #11 |
Hi Laércio,
Ah yes, I remember, you're right.
Regards,
Hans
| Changed in lightdm (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| Changed in lightdm (Debian): | |
| status: | Unknown → Confirmed |
Hans et al.,
I'm observing GDM behaviour with non-root Xorg. I see that GDM by default
keeps the greeter session alive, switching to another VT in order to start
a new user session. Shouldn't it break for non-seat0 seats, since they
can't handle multiple sessions due to lack of VT support?
I think it would be better for LightDM to have the default (or optional)
behaviour of quitting greeter session and reusing its VT for the next user
session. It implies terminating greeter's Xorg before launching user's one.
On Wed, 20 Jan 2016 at 16:15, Bug Watch Updater <email address hidden> wrote:
> ** Changed in: lightdm (Debian)
> Status: Unknown => Confirmed
| | #16 |
Bump, any progress in the last 3 years?
| | #17 |
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
| Yves-Alexis Perez (corsac) wrote : | #13 |
Robert,
I know you weren't interested in this but would review patches if needed. Could you point people to the right directions on where to drop privileges before running X server and stuff like that?
| Robert Ancell (robert-ancell) wrote : | #14 |
I am interested in this feature, just not working on it :)
From what I understand reading the comments here the correct place to do this is inside session-child.c - i.e. run the X server process after dropping privileges but before the session is run. A new XServerInSession class will probably have to be made so LightDM is happy though the work will be done inside session-child.c. This will probably be a bit odd in the LightDM architecture, so some refactoring is probably suggested to make these changes fit in a bit better (though that can be done later).
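The steps from comments #7 and #14 (new sid, tty handed over to the user, privileges dropped, then X started), as an added example in C that is not LightDM or gdm code. The function names, the tty path and the X argv passed in are assumptions, and PAM is assumed to have already opened and registered the session.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid. Order matters: groups, then gid, then uid. */
int drop_privileges(const char *user, uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }   /* never "drop" to root */
    /* Only a root caller holds supplementary groups that must be replaced. */
    if (geteuid() == 0 && initgroups(user, gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* Forked child, still root, after PAM opened the session; caller _exit()s on failure. */
int exec_x_on_tty(const char *tty, const char *user, uid_t uid, gid_t gid,
                  char *const x_argv[])
{
    if (setsid() < 0) return -1;                   /* new session id */
    int fd = open(tty, O_RDWR | O_NOCTTY);
    if (fd < 0) return -1;
    /* Hand the tty to the user while we still have the rights to do so. */
    if (fchown(fd, uid, gid) != 0 || fchmod(fd, 0600) != 0) return -1;
    if (ioctl(fd, TIOCSCTTY, 0) != 0) return -1;   /* controlling tty */
    if (dup2(fd, 0) < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) return -1;
    if (fd > 2) close(fd);
    if (drop_privileges(user, uid, gid) != 0) return -1;
    execv(x_argv[0], x_argv);                      /* X now runs as uid */
    return -1;                                     /* execv failed */
}

/* Try the drop in a throwaway child: 0 = dropped, 1 = refused/failed, -1 = error. */
int drop_in_child(const char *user, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(drop_privileges(user, uid, gid) == 0 ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```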
| Changed in lightdm (Fedora): | |
| importance: | Unknown → Undecided |
| status: | Unknown → Confirmed |

As asked on the lightdm mailing list thread, I think we'd be interested in Debian, although I'm not sure what the Xorg team's plans are.