[sles-beta] Beta 3, "startx" as non-root fails

Matthias G. Eckermann mge at suse.com
Mon Mar 24 04:22:16 MDT 2014 

On 2014-03-22 T 12:39 +0000 Joe Doupnik wrote:
>     Permissions on /usr/bin/Xorg: need to be suid root (-rws--x--x).

Yep, and that's not good as a default.

I suggest to add this to /etc/permissions.local,
thus bot requirements are fulfilled:
- secure default
- usable as you need it

> Compare with SLES 11 et al.
> Now it startx works for a regular user.

so long -
	MgE

> On 21/03/2014 22:34, Matthias G. Eckermann wrote:
> >Hello Joe and all,
> >
> >I remember a discussion ~1year ago,
> >but not the details (will check on monday),
> >and it might be a security feature
> >(the screenshots support this idea: see the last two lines!).
> >
> >I know, I know, ...:-(
> >
> >However, if it really is a security feature,
> >I will have to prepare the battle carefully:
> >it will be a battle against myself,
> >wearing the security hat --
> >and usually security wins.
> >
> >Enjoy the weekend -
> >MgE
> >
> >
> >On 21. März 2014 20:05:58 MEZ, Joe Doupnik <jrd at netlab1.net> wrote:
> >>    As an ordinary user on SLES, login to the console and give command
> >>startx. After a significant pause the command fails. Attached is a
> >>screen capture of it.
> >>     Root, by contrast, does get the Gnome GUI.
> >>   As a test I did   chmod a+w /var/log   as root, returned to being a
> >>normal user and tried again. Still failure, as shown in the second
> >>screen capture.
> >>     Running as a VMware ESXi guest.
> >>     Joe D.
> >>
> >>
> >>
> >>------------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>sles-beta mailing list
> >>sles-beta at lists.suse.com
> >>http://lists.suse.com/mailman/listinfo/sles-beta
> 
> 

-- 
Matthias G. Eckermann     Senior Product Manager   SUSE® Linux Enterprise
Phone: +49 30 44315731    Mobile: +49 179 2949448    E-Mail: mge at suse.com
SUSE LINUX Products GmbH  Maxfeldstraße 5          90409 Nürnberg Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

More information about the sles-beta mailing list