From owner-freebsd-doc  Sun Jan 21 16:20:21 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3D0B037B402
	for <freebsd-doc@freebsd.org>; Sun, 21 Jan 2001 16:20:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0M0K1M28301;
	Sun, 21 Jan 2001 16:20:01 -0800 (PST)
	(envelope-from gnats)
Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138])
	by hub.freebsd.org (Postfix) with ESMTP id 4964337B400
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 21 Jan 2001 16:15:09 -0800 (PST)
Received: from hornet.unixfreak.org (hornet [63.198.170.140])
	by bazooka.unixfreak.org (Postfix) with ESMTP id 02EAA3E02
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 21 Jan 2001 16:15:08 -0800 (PST)
Received: (from dima@localhost)
	by hornet.unixfreak.org (8.11.1/8.11.1) id f0M0F8a81596;
	Sun, 21 Jan 2001 16:15:08 -0800 (PST)
	(envelope-from dima)
Message-Id: <200101220015.f0M0F8a81596@hornet.unixfreak.org>
Date: Sun, 21 Jan 2001 16:15:08 -0800 (PST)
From: dima@unixfreak.org
Reply-To: dima@unixfreak.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: docs/24517: [PATCH] New FAQ entry about problems running X as non-root
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         24517
>Category:       docs
>Synopsis:       [PATCH] New FAQ entry about problems running X as non-root
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 21 16:20:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Dima Dorfman
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Private
>Environment:
System: FreeBSD spike.unixfreak.org 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Fri Jan 19 16:26:06 PST 2001 dima@spike.unixfreak.org:/usr/home/dima/w/f/src/sys/compile/SPIKE i386

>Description:

It seems that for some reason a lot of people have been having
problems running X because they start it as a non-root user.  Most
probably, this is due to the general public starting to upgrade to
XFree86 4, which doesn't install its servers setuid to root.

The attached patch adds an FAQ entry describing the need to either use
xdm or Xwrapper if one wishes to run X as a regular user; which one
should.

>How-To-Repeat:

Read -questions.

>Fix:

Apply the following patch to doc/en_US.ISO_8859-1/books/faq/book.sgml.

Index: book.sgml
===================================================================
RCS file: /st/src/FreeBSD/doc/en_US.ISO_8859-1/books/faq/book.sgml,v
retrieving revision 1.140
diff -u -r1.140 book.sgml
--- book.sgml	2001/01/18 01:14:24	1.140
+++ book.sgml	2001/01/21 22:50:52
@@ -7238,6 +7238,56 @@
       </qandaentry>
 
       <qandaentry>
+        <question id="xfree86-root">
+          <para>I used to run XFree86 as a regular user, but now when
+            I start it it says I must be root!</para>
+        </question>
+
+        <answer>
+          <para>All X servers need to be run as root in order to get direct
+            access to your video hardware.  Older versions of XFree86
+            (&lt;= 3.3.6) installed all bundled servers to be automatically
+            run as root (setuid to root).  This is obviously a security
+            hazard because X servers are large, complicated programs.
+            Newer versions of XFree86 do not install the servers setuid to
+            root for just this reason.</para>
+
+          <para>Obviously, running an X server as the root user is not
+            acceptable, nor a good idea security-wise.  There are two ways
+            to be able to use X as a regular user.  The first is to use
+            <ulink
+            url="http://www.FreeBSD.org/cgi/man.cgi?manpath=xfree86&amp;query=xdm">
+            <command>xdm</command></ulink> or another display manager
+            (e.g., <command>kdm</command>); the second is to use the
+            <command>Xwrapper</command>.</para>
+
+          <para><command>xdm</command> is a daemon that handles graphical
+            logins.  It is usually started at boot time, and is responsible
+            for authenticating users and starting their sessions; it is
+            essentially the graphical counterpart of
+            <command>getty</command> and <command>login</command>.  For
+            more information on <command>xdm</command> see <ulink
+            url="http://www.FreeBSD.org/cgi/man.cgi?manpath=xfree86&amp;query=xdm">
+            its manual page</ulink>, <ulink
+            url="http://www.xfree86.org/support.html">the XFree86
+            documentation</ulink>, and the <link linkend="xdm-boot">the FAQ
+            entry</link> on it.</para>
+
+          <para><command>Xwrapper</command> is the X server wrapper; it is
+            a small utility to enable one to manually run an X server while
+            maintaining reasonable safety.  It performs some sanity checks
+            on the command line arguments given, and if they pass, runs the
+            appropriate X server.  If you do not want to run a display
+            manger for whatever reason, this is for you.  If you have
+            installed the complete <ulink url="../ports/">ports
+            collection</ulink>, you can find the port in
+            <filename>/usr/ports/x11/wrapper</filename>.  If you have not,
+            follow the previous link for information on how to obtain just
+            this specific port.</para>
+        </answer>
+      </qandaentry>
+
+      <qandaentry>
         <question id="ps2-x">
           <para>My PS/2 mouse doesn't behave properly under X.</para>
         </question>

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message