Run X as a regular user

Registered by Chris Halse Rogers

* What changes do we need to drop root privs from X in Maverick?
* Should we switch to rootless-X for Maverick?
* What testing can we do to be confident in our decision?

Blueprint information

Not started
Sebastien Bacher
Chris Halse Rogers
Needs approval
Chris Halse Rogers
Series goal:
Accepted for quantal
Milestone target:
milestone icon ubuntu-12.10

Related branches



bryce 2010-05-07: I've gathered the ideas/requirements that have come up in the past here:

A key point is that X shouldn't run as the logged in user, but rather as a non-root service type user. See the wiki page for details.

raof, 2010-06-22: In regular use on my system:
Intel, Radeon & Nouveau will write to

raof, 2010-06-29: Upstream wonders why we need a /dev/backlight. They suggest that ConsoleKit could handle setting permissions for /sys/class/backlight. I need to work out why we decided ConsoleKit wouldn't work, and if that reasoning is still sound.
raof, 2010-07-16: There doesn't seem to be any reason why a run-seat ConsoleKit script can't be used for what we want. Updating the work items to match this.
raof, 2010-07-22: After talking with pitti, there's actually no reason to require a ConsoleKit script, X can just chown the relevant files before dropping privs.

pitti, 2011-07-22: Is this actually desired for oneiric, or in general still? It gets a bit tight to get that into oneiric, so perhaps we should move this to the q cycle (post-LTS)?

bryce, 2011-07-22: Makes sense; there haven't been any stakeholders for this feature since before lucid.


Work Items

Work items:
[raof] Set up a new system user for X process (xdaemon): POSTPONED
[raof] Better generalized -nohw patch so xserver detects it automatically: POSTPONED
[raof] Talk to Jesse/upstream to see what interface is sane for /dev/backlight: DONE
[raof] Talk with Michael Frey (and tseliot) about how OEM team has approached rootless X: DONE
[raof] Check X doesn't write anything (else) to /sys or /proc: DONE