[gentoo-user] Rootless X without elogind

[Björn Fischer]

Hi folks,

on my laptops and other private computers I normally just login on the
virtual console and "startx" or "xinit" -- no fancy stuff like display
managers.

Recently I switched to rootless X (finally, after gentoo dropped "suid"
by default on Xorg long ago). But I did not want to bloat my system with
elogind (not to mention systemd), so I came up with a much less complex
solution:

I created a small PAM module "pam_tty.so", which simply chowns the
corresponding /dev/ttyN on a successful login on a virtual console. All
other privileges can be granted by Unix groups. So yes, rootless X
without elogind is possible.

pam_tty.so is available on github:

https://github.com/bjorn-fischer/pam_tty

Any thoughts on this?


Cheers,
Björn

[Matt Connell (Gmail)]

On Wed, 2022-02-16 at 20:05 +0100, Björn Fischer wrote:
> But I did not want to bloat my system with
> elogind (not to mention systemd)

For the sake of the argument, elogind is a standalone package. systemd
provides 'logind'. I run all my systems without systemd with lightdm
as a display manager happily.

> I created a small PAM module "pam_tty.so", which simply chowns the
> corresponding /dev/ttyN on a successful login on a virtual console.
> All other privileges can be granted by Unix groups.

A novel solution. Without reviewing the code, I like the idea.

[Anna “CyberTailor”]

OpenBSD maintains its own Xorg patchset called Xenocara. It runs as _x11
user without logind or suid.

http://xenocara.org/


Hyperbola GNU/Linux-libre is the only distro that uses it.

https://www.hyperbola.info/news/end-of-xorg-support/