Mailinglist Archive: opensuse (626 mails)

< Previous Next >
Re: [opensuse] display managers, startx
On 04/11/2018 18.17, Michael Fischer wrote:

I may have missed the story, and google didn't help (perhaps I used
the wrong incantation)

Questions:

1) Is the *only* reason for deprecating `startx(1)` the setuid bit
requirement?
If not, what are the other reasons?

No, there are other reasons.

For one thing, I understand it is little maintained.

As a consequence, it lacks certain modern features, like the concept of
"seat": the person that seats in front of the computer should have the
permission to use sound, the cdrom, external storage devices, etc.

The display manager handles giving those permission to the person that
logs in, without he needing to belong to the pertinent groups. If a
different person logs in, he gets the seat instead, and not the other
person - who in traditional usage with groups, he still holds the
permissions (normally both would have them).

Look, the sound devices:

cer@Telcontar:~> l /dev/snd/
total 0
drwxr-xr-x 3 root root 220 Oct 20 10:47 ./
drwxr-xr-x 22 root root 6480 Oct 21 02:35 ../
drwxr-xr-x 2 root root 60 Oct 20 10:47 by-path/
crw-rw----+ 1 root audio 116, 2 Oct 20 10:47 controlC0
crw-rw----+ 1 root audio 116, 7 Oct 20 10:47 hwC0D1
crw-rw----+ 1 root audio 116, 4 Oct 26 12:36 pcmC0D0c
crw-rw----+ 1 root audio 116, 3 Oct 28 09:37 pcmC0D0p
crw-rw----+ 1 root audio 116, 6 Oct 20 10:48 pcmC0D1c
crw-rw----+ 1 root audio 116, 5 Oct 20 10:48 pcmC0D1p
crw-rw----+ 1 root audio 116, 1 Oct 20 10:47 seq
crw-rw----+ 1 root audio 116, 33 Oct 20 10:47 timer
cer@Telcontar:~>

See the '+' at the end of the permissions?

cer@Telcontar:~> getfacl /dev/snd/controlC0
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/controlC0
# owner: root
# group: audio
user::rw-
user:cer:rw- <=======
group::rw-
mask::rw-
other::---

cer@Telcontar:~>



My user, 'cer', has been granted extended access attribute.

If I switch to the text terminal (ctrl-alt-f1) and log in as root, the
extended attributes disappear. If on the graphic session I log on a
second simultaneous session as another user, that user gets the acls. If
I switch back to the first session, the first user gets the permissions
back.


--
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >
Follow Ups
References