tag 196732 + wontfix
On Mon, Jun 09, 2003 at 02:39:57AM -0700, Sean Champ wrote:
> Package: xserver-common
> Version: 4.2.1-7
> Severity: wishlist
>
> So, i try to run XFree86 after a woody-to-sid dist-upgrade.
>
> Instead of getting the usal X startup, though, I get a message like
> "user is not allowed to run the X server".
>
> After an strace, I find out there's a particular configuation
> directive in /etc/Xwrapper.config, which really boggles me -- namely,
> the "allowed_users" directive.
>
> If you want to control "who gets to run an application?", why do you
> not use plain user/group privelages?
>
> Here's a simple solution. It works with SuSE, like this; it would work
> with Debian.
>
> addgroup --system xok
> chgrp xok /usr/X11R6/bin/XFree86
> chmod o-x /usr/X11R6/bin/XFree86
>
> ...then, simply enough, add any user, to the 'xok' group, who needs to
> run the x server.
>
> problem solved. for this, there's no /etc/Xwrapper.config needed.
I am probably not going to act on your implicit request (to trash the
allowed_users variable and functionality).
The reason is that, as documented in Xwrapper.config(5), "allowed_users"
doesn't have to do with the invoking user's identity, but rather whether
or not the user has control of a virtual console device.
allowed_users
may be set to one of the following values:
rootonly,console,anybody. "rootonly" indicates that only
the root user may start the X server; "console" indicates
that root, or any user whose controlling TTY is a virtual
console, may start the X server; and "anybody" indicates
that any user may start the X server.
If you have a better suggestion for the name of this variable, I'm open
to it.
--
G. Branden Robinson | What influenced me to atheism was
Debian GNU/Linux | reading the Bible cover to cover.
branden@debian.org | Twice.
http://people.debian.org/~branden/ | -- J. Michael Straczynski
Attachment:
pgpSslc04o6Qw.pgp
Description: PGP signature