Rootless
Summary
For video drivers that support kernel mode-setting (KMS), X can be set up to run as a non-root user.
Background
Historically, X has been responsible for setting up the graphics modes (resolutions, refresh rates, etc.). X did this by talking to the hardware directly, which it could only do if it ran with root privileges. X was given this job to keep graphics as platform-agnostic as possible, so the same graphics code could be used for BSD and other *nix flavors.
Today, the feeling is that this mode-setting logic should be moved into the kernel. Some video drivers, such as the -intel driver, now implement this 'kernel mode-setting' (KMS) ability. In Karmic, -intel already uses KMS by default, and the -ati driver will run with KMS if the kernel is booted with the 'radeon.modeset=1' parameter, although this is not the default due to stability concerns. Other drivers in Karmic, such as -fglrx and -nvidia, do not support KMS at all.
Requirements
- Framebuffer or kernel mode-setting enabled video drivers ONLY:
  - fbdev (ARM, etc.) - Not sure of status here. May need some driver development effort?
  - -intel [DONE] - Available by default in Karmic
  - -ati [DONE] - Configurable in Karmic with minor stability issues, will likely be available by default in Lucid
  - -nouveau [IN PROGRESS] - Code exists, requires special kernel and X to test. Does not work on a lot of hardware, has stability issues on others.
  - -psb [IN PROGRESS] - Coming soon (http://www.phoronix.com/scan.php?page=news_item&px=NzY2Mg)
  - -openchrome [IN PROGRESS]
  - -nv, -nvidia, -fglrx, others: Not planned at this time
- Non-root access to certain device files
  - tty/VT probing and ownership
  - input devices
  - DRM ioctls - (should be largely done already)
- Drop suid bit on /usr/bin/X
Example
In one console:
    # VT must match the vtN argument passed to Xorg below
    VT=8
    sudo chown $USER /dev/tty${VT}
    sudo chmod o+rw /dev/input/*
    /usr/bin/Xorg vt8 -retro -sharevts -nohwaccess -logfile /tmp/Xorg.U.log :1
Then SSH in and launch clients as desired:
    DISPLAY=:1 xeyes &
    DISPLAY=:1 xterm
When done, terminate X:
    pkill X
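A pre-flight audit for the requirements listed above, added here as an example and not part of the original wiki page; the function names and argument order are assumptions. It reports whether the X binary is still setuid, whether the VT device is read/write for the invoking user, and which input nodes the `chmod o+rw` step has left open to every local account.

```shell
#!/bin/sh
# Added example: audit the rootless X prerequisites before starting Xorg.
# Function names and argument order are assumptions of this sketch.

# True if the X binary still carries the setuid bit.
is_setuid() {
    [ -u "$1" ]
}

# Print nodes under DIR that "other" can read or write, which is the
# state `chmod o+rw /dev/input/*` leaves behind. Symlinks are skipped
# because their own mode bits are always rwxrwxrwx.
world_accessible_nodes() {
    find "$1" ! -type d ! -type l \( -perm -004 -o -perm -002 \) 2>/dev/null | sort
}

# True if the invoking user can open the VT device read/write.
user_can_rw() {
    [ -r "$1" ] && [ -w "$1" ]
}

# Audit one setup; prints findings and returns the number of problems.
rootless_preflight() {
    xbin=$1 tty=$2 inputdir=$3 problems=0
    if is_setuid "$xbin"; then
        echo "FAIL $xbin is setuid; X would still start as root"
        problems=$((problems + 1))
    fi
    if ! user_can_rw "$tty"; then
        echo "FAIL $tty is not read/write for $(id -un)"
        problems=$((problems + 1))
    fi
    exposed=$(world_accessible_nodes "$inputdir")
    if [ -n "$exposed" ]; then
        echo "WARN input nodes readable or writable by any local user:"
        echo "$exposed" | sed 's/^/     /'
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Example: sh preflight.sh /usr/bin/Xorg /dev/tty8 /dev/input
if [ "$#" -eq 3 ]; then
    rootless_preflight "$@"
fi
```

A world-readable /dev/input/event* node lets any local account read keystrokes, so the WARN result is expected after the test commands above and should not persist on a multi-user machine.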
Discussion
While the kernel and Xorg are set up to run X without root permissions, device permissions and other plumbing work still need to be done. Some decisions need to be made, such as where X should store its log files, and whether it should run as the user or whether a special user or group should be created for X.
For single-user devices (where there is no login screen or account management), the simplest approach would be to use that user and store files in its user space.
For multi-user situations (such as a traditional desktop), either X could run as a service and flip its ownership to the logged-in user via udev rules, or else the login session should run as one X session and allow for instantiating secondary X sessions as the user. This latter approach is the most secure, but it may be harder to ensure a smooth transition with it.
References
- http://lwn.net/Articles/341033/ - By Jonathan Corbet, Linux Weekly News
- http://lwn.net/Articles/341035/ - "non-root X", email from Jesse Barnes, Linux Weekly News
X/Rootless (last edited 2010-07-11 11:42:00 by 19-102)