From owner-freebsd-doc Sun Jan 21 16:20:21 2001 Delivered-To: freebsd-doc@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3D0B037B402 for ; Sun, 21 Jan 2001 16:20:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f0M0K1M28301; Sun, 21 Jan 2001 16:20:01 -0800 (PST) (envelope-from gnats) Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id 4964337B400 for ; Sun, 21 Jan 2001 16:15:09 -0800 (PST) Received: from hornet.unixfreak.org (hornet [63.198.170.140]) by bazooka.unixfreak.org (Postfix) with ESMTP id 02EAA3E02 for ; Sun, 21 Jan 2001 16:15:08 -0800 (PST) Received: (from dima@localhost) by hornet.unixfreak.org (8.11.1/8.11.1) id f0M0F8a81596; Sun, 21 Jan 2001 16:15:08 -0800 (PST) (envelope-from dima) Message-Id: <200101220015.f0M0F8a81596@hornet.unixfreak.org> Date: Sun, 21 Jan 2001 16:15:08 -0800 (PST) From: dima@unixfreak.org Reply-To: dima@unixfreak.org To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: docs/24517: [PATCH] New FAQ entry about problems running X as non-root Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 24517 >Category: docs >Synopsis: [PATCH] New FAQ entry about problems running X as non-root >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Jan 21 16:20:00 PST 2001 >Closed-Date: >Last-Modified: >Originator: Dima Dorfman >Release: FreeBSD 5.0-CURRENT i386 >Organization: Private >Environment: System: FreeBSD spike.unixfreak.org 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Fri Jan 19 16:26:06 PST 2001 dima@spike.unixfreak.org:/usr/home/dima/w/f/src/sys/compile/SPIKE i386 >Description: It seems that for some reason a lot of people have been having problems running X because they start it as a non-root user. Most probably, this is due to the general public starting to upgrade to XFree86 4, which doesn't install its servers setuid to root. The attached patch adds an FAQ entry describing the need to either use xdm or Xwrapper if one wishes to run X as a regular user; which one should. >How-To-Repeat: Read -questions. >Fix: Apply the following patch to doc/en_US.ISO_8859-1/books/faq/book.sgml. Index: book.sgml =================================================================== RCS file: /st/src/FreeBSD/doc/en_US.ISO_8859-1/books/faq/book.sgml,v retrieving revision 1.140 diff -u -r1.140 book.sgml --- book.sgml 2001/01/18 01:14:24 1.140 +++ book.sgml 2001/01/21 22:50:52 @@ -7238,6 +7238,56 @@ + + I used to run XFree86 as a regular user, but now when + I start it it says I must be root! + + + + All X servers need to be run as root in order to get direct + access to your video hardware. Older versions of XFree86 + (<= 3.3.6) installed all bundled servers to be automatically + run as root (setuid to root). This is obviously a security + hazard because X servers are large, complicated programs. + Newer versions of XFree86 do not install the servers setuid to + root for just this reason. + + Obviously, running an X server as the root user is not + acceptable, nor a good idea security-wise. There are two ways + to be able to use X as a regular user. The first is to use + + xdm or another display manager + (e.g., kdm); the second is to use the + Xwrapper. + + xdm is a daemon that handles graphical + logins. It is usually started at boot time, and is responsible + for authenticating users and starting their sessions; it is + essentially the graphical counterpart of + getty and login. For + more information on xdm see + its manual page, the XFree86 + documentation, and the the FAQ + entry on it. + + Xwrapper is the X server wrapper; it is + a small utility to enable one to manually run an X server while + maintaining reasonable safety. It performs some sanity checks + on the command line arguments given, and if they pass, runs the + appropriate X server. If you do not want to run a display + manger for whatever reason, this is for you. If you have + installed the complete ports + collection, you can find the port in + /usr/ports/x11/wrapper. If you have not, + follow the previous link for information on how to obtain just + this specific port. + + + + My PS/2 mouse doesn't behave properly under X. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message