
On 04/11/2018 18.17, Michael Fischer wrote:
> I may have missed the story, and google didn't help (perhaps I used the wrong incantation)
> Questions:
> 1) Is the *only* reason for deprecating `startx(1)` the setuid bit requirement? If not, what are the other reasons?

No, there are other reasons. For one thing, I understand it is little maintained. As a consequence, it lacks certain modern features, like the concept of "seat": the person that sits in front of the computer should have the permission to use sound, the cdrom, external storage devices, etc.

The display manager handles giving those permissions to the person that logs in, without him needing to belong to the pertinent groups. If a different person logs in, he gets the seat instead, and not the other person - who, in traditional usage with groups, still holds the permissions (normally both would have them).

Look, the sound devices:

cer@Telcontar:~> l /dev/snd/
total 0
drwxr-xr-x   3 root root      220 Oct 20 10:47 ./
drwxr-xr-x  22 root root     6480 Oct 21 02:35 ../
drwxr-xr-x   2 root root       60 Oct 20 10:47 by-path/
crw-rw----+  1 root audio 116,  2 Oct 20 10:47 controlC0
crw-rw----+  1 root audio 116,  7 Oct 20 10:47 hwC0D1
crw-rw----+  1 root audio 116,  4 Oct 26 12:36 pcmC0D0c
crw-rw----+  1 root audio 116,  3 Oct 28 09:37 pcmC0D0p
crw-rw----+  1 root audio 116,  6 Oct 20 10:48 pcmC0D1c
crw-rw----+  1 root audio 116,  5 Oct 20 10:48 pcmC0D1p
crw-rw----+  1 root audio 116,  1 Oct 20 10:47 seq
crw-rw----+  1 root audio 116, 33 Oct 20 10:47 timer
cer@Telcontar:~>

See the '+' at the end of the permissions?

cer@Telcontar:~> getfacl /dev/snd/controlC0
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/controlC0
# owner: root
# group: audio
user::rw-
user:cer:rw-    <=======
group::rw-
mask::rw-
other::---

cer@Telcontar:~>

My user, 'cer', has been granted an extended access attribute.

If I switch to the text terminal (ctrl-alt-f1) and log in as root, the extended attributes disappear. If on the graphic session I log on a second simultaneous session as another user, that user gets the acls. If I switch back to the first session, the first user gets the permissions back.

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 42.3 x86_64 "Malachite" at Telcontar)
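
Added example, not part of the original message: a shell helper that reports which named users hold ACL entries on device nodes (the per-seat grant visible in the getfacl output above) and what those entries are worth once the ACL mask is applied. The sample input is constructed from that output; the `guest` entry, the restrictive mask on the second file and the function names are assumptions for illustration.

```shell
#!/bin/sh
# acl_named_users: read `getfacl` output on stdin and print one line per
# named-user entry: "<file> <user> <effective perms after mask>".
acl_named_users() {
    awk '
        function flush(   i, j, eff, p, m) {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    p = substr(perm[i], j, 1); m = substr(mask, j, 1)
                    # A bit is effective only if the mask also allows it.
                    eff = eff ((mask == "" || m != "-") ? p : "-")
                }
                print file, name[i], eff
            }
            n = 0; mask = ""
        }
        /^# file: /    { flush(); file = substr($0, 9); next }
        # "user::" is the owner entry; only "user:<name>:" is a named grant.
        /^user:[^:]+:/ { split($0, f, ":"); n++
                         name[n] = f[2]; perm[n] = substr(f[3], 1, 3); next }
        /^mask::/      { mask = substr($0, 7, 3); next }
        END            { flush() }
    '
}

# audit_seat_acls DIR: run the check against live device nodes,
# e.g. `audit_seat_acls /dev/snd` before and after switching sessions.
audit_seat_acls() {
    getfacl --absolute-names "$1"/* 2>/dev/null | acl_named_users
}

# Constructed sample input (first stanza mirrors the output in the message).
sample_getfacl() {
    cat <<'EOF'
# file: dev/snd/controlC0
user::rw-
user:cer:rw-
group::rw-
mask::rw-
other::---

# file: dev/snd/timer
user::rw-
user:guest:rw-
group::rw-
mask::r--
other::---
EOF
}

sample_getfacl | acl_named_users
```

Run from a session that stays in the background, `audit_seat_acls /dev/snd` should stop listing that session's user once another seat becomes active; an entry that persists is worth investigating.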