To: gentoo-user@lists.gentoo.org
From: Nikos Chantziaras
Subject: [gentoo-user] xorg-server without suid still runs as root?
Date: Thu, 25 Jun 2020 15:58:30 +0300

There's a news item about disabling the "suid" use flag on x11-base/xorg-server, which makes it run as a normal user rather than root. Version 1.20.8-r1 of the ebuild disables "suid" by default.

After updating to that and rebooting, X still runs as root though:

   $ ps aux | grep X
   root 270 1.7 0.6 226892 107052 tty1 Ssl+ 13:52 2:08 /usr/bin/X

   $ emerge --info xorg-server
   [...]
   x11-base/xorg-server-1.20.8-r1::gentoo was built with the following:
   USE="ipv6 libglvnd systemd udev xorg -debug -dmx -doc (-elogind) -kdrive -libressl -minimal (-selinux) -static-libs -suid -unwind -wayland -xcsecurity -xephyr -xnest -xvfb" ABI_X86="(64)"

Am I missing something? I'm using systemd. If it matters, the "kms" use flag in x11-drivers/nvidia-drivers is enabled.