Running X as an unprivileged user

Daniel Stone daniel at
Fri Jun 25 07:04:10 PDT 2010

On Fri, Jun 25, 2010 at 11:12:49PM +1000, Christopher James Halse Rogers wrote:
> It seems that almost all of the work required to run X without root
> privileges has been done, and there are just a couple of loose ends to
> tie up before it can work - at least for KMS drivers.
> Apart from opening /proc/mtrr for writing, which isn't used by any of
> the drivers I've inspected and certainly by none of the KMS drivers, it
> seems the last problem is backlight handling which requires
> prodding /sys/class/backlight/*/brightness.  It seems that the way to
> deal with this would be to get a /dev/backlight device interface for
> which udev could set appropriate permissions.  This would also clean the
> Intel DDX code somewhat as it wouldn't have to iterate over the list of
> possible /sys paths.

Why not just have ConsoleKit set the ownership, presumably as you'd have
it doing for /dev/input? That still doesn't solve the revoke() problem
though (i.e. what happens when you switch to another session - the
original server could still have its /dev/input FDs open, leaking all
your passwords).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <>

More information about the xorg-devel mailing list