xserver-multidpi/hw/xfree86/man/Xorg.wrap.man

.\" Xwrapper.wrap.__appmansuffix__
.\"
.\" Copyright 2014 Red Hat, Inc.
.\"
.\" Permission to use, copy, modify, distribute, and sell this software and its
.\" documentation for any purpose is hereby granted without fee, provided that
.\" the above copyright notice appear in all copies and that both that
.\" copyright notice and this permission notice appear in supporting
.\" documentation.
.\"
.\" The above copyright notice and this permission notice shall be included
.\" in all copies or substantial portions of the Software.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
.\" OTHER DEALINGS IN THE SOFTWARE.
.\"
.\" Except as contained in this notice, the name of The Open Group shall
.\" not be used in advertising or otherwise to promote the sale, use or
.\" other dealings in this Software without prior written authorization
.\" from The Open Group.
.\"
.\" shorthand for double quote that works everywhere.
.ds q \N'34'
.TH Xorg.wrap __appmansuffix__ __xorgversion__
.SH NAME
Xorg.wrap \- Xorg X server binary wrapper
.SH DESCRIPTION
The Xorg X server may need root rights to function properly. To start the
Xorg X server with these rights your system is using a suid root wrapper
installed as __suid_wrapper_dir__/Xorg.wrap which will execute the real
X server which is installed as __suid_wrapper_dir__/Xorg.bin .
.PP
By default Xorg.wrap will autodetect if root rights are necessary, and
if not it will drop its elevated rights before starting the real X server.
By default Xorg.wrap will only allow executing the real X server from login
sessions on a physical console.

.SH CONFIG FILE
Xorg.wrap's default behavior can be overridden from the
\fI__sysconfdir__/X11/Xwrapper.config\fP config file. Lines starting with a
\fB#\fP in Xwrapper.config are considered comments and will be ignored. Any
other non empty lines must take the form of \fBkey\fP = \fIvalue\fP.
.TP 8
\fBallowed_users\fP = \fIrootonly\fP|\fIconsole\fP|\fIanybody\fP
Specify which users may start the X server through the wrapper. Use
\fIrootonly\fP to only allow root, use \fIconsole\fP to only allow users
logged into a physical console, and use \fIanybody\fP to allow anybody.
The default is \fIconsole\fP.
.TP 8
\fBneeds_root_rights\fP = \fIyes\fP|\fIno\fP|\fIauto\fP
Configure if the wrapper should drop its elevated (root) rights before starting
the X server. Use \fIyes\fP to force execution as root, \fIno\fP to force
execution with all suid rights dropped, and \fIauto\fP to letter the wrapper
auto-detect. The default is \fIauto\fP.
.PP
When auto-detecting the wrapper will drop rights if kms graphics are available
and not drop them if no kms graphics are detected. If a system has multiple
graphics cards and some are not kms capable auto-detection may fail,
in this case manual configuration should be used.

.SH "SEE ALSO"
Xorg X server information: \fIXorg\fP(1)
Xorg.wrap manpages: use __appmansuffix__ instead of hardcoding 1 Cc: Gaetan Nadon <memsize@videotron.ca> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Gaetan Nadon <memsize@videotron.ca> 2014-04-18 11:30:16 +02:00			`.\" Xwrapper.wrap.__appmansuffix__`
Xorg: Add a suid root wrapper With the recent systemd-logind changes it is possible to install the Xorg binary without suid root rights and still have everything working as it should if the user only has cards which are supported by kms. This commit adds a little suid root wrapper, which is a bit weird, first we strip the suid-root bit of the Xorg binary, and then we add a wrapper ? The function of this wrapper is to see if a system still needs root-rights, if it does not (it supports kms and the kms drivers are properly loaded), then it will immediately drop all elevated rights before executing the real Xorg binary. If it finds (some) cards which don't support kms, or no cards at all, then it will execute the Xorg server with elevated rights so that ie the nvidia binary driver and the vesa driver can keep working normally. To make it possible for security concious users who don't need the root rights to completely remove the wrapper, Xorg is started in a 3 step process when the wrapper is enabled during build time: 1) A simple shell script which checks if the wrapper is there, if it is it executes the wrapper, if not it directly executes the real Xorg binary 2) The wrapper gets executed, does its checks, normally drops all elevated rights and then executes the real Xorg binary 3) The real Xorg binary does its thing This allows distributions to put the wrapper binary in a separate package, and will allow users to remove this package. IE the plan with Fedora is to make "legacy" drivers depend on the wrapper pkg, and since our default install contains some legacy drivers it will be part of the default install, but users can later yum remove it (which will also automatically remove the legacy driver packages as those won't work without it anyways). The wrapper is loosely modelled after the existing Debian Xwrapper, it uses the same config-file + config-file format, and also allows restricting Xserver execution (through the wrapper) to console users only. There also is a new needs_root_rights config file directive, which can be used to override the auto-detection the wrapper does. Hopefully this will allow Debian to replace their own wrapper with this upstream one. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> 2014-03-05 16:41:14 +01:00			`.\"`
			`.\" Copyright 2014 Red Hat, Inc.`
			`.\"`
			`.\" Permission to use, copy, modify, distribute, and sell this software and its`
			`.\" documentation for any purpose is hereby granted without fee, provided that`
			`.\" the above copyright notice appear in all copies and that both that`
			`.\" copyright notice and this permission notice appear in supporting`
			`.\" documentation.`
			`.\"`
			`.\" The above copyright notice and this permission notice shall be included`
			`.\" in all copies or substantial portions of the Software.`
			`.\"`
			`.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS`
			`.\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF`
			`.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.`
			`.\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR`
			`.\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,`
			`.\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR`
			`.\" OTHER DEALINGS IN THE SOFTWARE.`
			`.\"`
			`.\" Except as contained in this notice, the name of The Open Group shall`
			`.\" not be used in advertising or otherwise to promote the sale, use or`
			`.\" other dealings in this Software without prior written authorization`
			`.\" from The Open Group.`
			`.\"`
			`.\" shorthand for double quote that works everywhere.`
			`.ds q \N'34'`
Xorg.wrap manpages: use __appmansuffix__ instead of hardcoding 1 Cc: Gaetan Nadon <memsize@videotron.ca> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Gaetan Nadon <memsize@videotron.ca> 2014-04-18 11:30:16 +02:00			`.TH Xorg.wrap __appmansuffix__ __xorgversion__`
Xorg: Add a suid root wrapper With the recent systemd-logind changes it is possible to install the Xorg binary without suid root rights and still have everything working as it should if the user only has cards which are supported by kms. This commit adds a little suid root wrapper, which is a bit weird, first we strip the suid-root bit of the Xorg binary, and then we add a wrapper ? The function of this wrapper is to see if a system still needs root-rights, if it does not (it supports kms and the kms drivers are properly loaded), then it will immediately drop all elevated rights before executing the real Xorg binary. If it finds (some) cards which don't support kms, or no cards at all, then it will execute the Xorg server with elevated rights so that ie the nvidia binary driver and the vesa driver can keep working normally. To make it possible for security concious users who don't need the root rights to completely remove the wrapper, Xorg is started in a 3 step process when the wrapper is enabled during build time: 1) A simple shell script which checks if the wrapper is there, if it is it executes the wrapper, if not it directly executes the real Xorg binary 2) The wrapper gets executed, does its checks, normally drops all elevated rights and then executes the real Xorg binary 3) The real Xorg binary does its thing This allows distributions to put the wrapper binary in a separate package, and will allow users to remove this package. IE the plan with Fedora is to make "legacy" drivers depend on the wrapper pkg, and since our default install contains some legacy drivers it will be part of the default install, but users can later yum remove it (which will also automatically remove the legacy driver packages as those won't work without it anyways). The wrapper is loosely modelled after the existing Debian Xwrapper, it uses the same config-file + config-file format, and also allows restricting Xserver execution (through the wrapper) to console users only. There also is a new needs_root_rights config file directive, which can be used to override the auto-detection the wrapper does. Hopefully this will allow Debian to replace their own wrapper with this upstream one. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> 2014-03-05 16:41:14 +01:00			`.SH NAME`
			`Xorg.wrap \- Xorg X server binary wrapper`
			`.SH DESCRIPTION`
			`The Xorg X server may need root rights to function properly. To start the`
			`Xorg X server with these rights your system is using a suid root wrapper`
			`installed as __suid_wrapper_dir__/Xorg.wrap which will execute the real`
			`X server which is installed as __suid_wrapper_dir__/Xorg.bin .`
			`.PP`
			`By default Xorg.wrap will autodetect if root rights are necessary, and`
			`if not it will drop its elevated rights before starting the real X server.`
			`By default Xorg.wrap will only allow executing the real X server from login`
			`sessions on a physical console.`

			`.SH CONFIG FILE`
			`Xorg.wrap's default behavior can be overridden from the`
			`\fI__sysconfdir__/X11/Xwrapper.config\fP config file. Lines starting with a`
			`\fB#\fP in Xwrapper.config are considered comments and will be ignored. Any`
			`other non empty lines must take the form of \fBkey\fP = \fIvalue\fP.`
			`.TP 8`
			`\fBallowed_users\fP = \fIrootonly\fP\|\fIconsole\fP\|\fIanybody\fP`
			`Specify which users may start the X server through the wrapper. Use`
			`\fIrootonly\fP to only allow root, use \fIconsole\fP to only allow users`
			`logged into a physical console, and use \fIanybody\fP to allow anybody.`
			`The default is \fIconsole\fP.`
			`.TP 8`
			`\fBneeds_root_rights\fP = \fIyes\fP\|\fIno\fP\|\fIauto\fP`
			`Configure if the wrapper should drop its elevated (root) rights before starting`
			`the X server. Use \fIyes\fP to force execution as root, \fIno\fP to force`
			`execution with all suid rights dropped, and \fIauto\fP to letter the wrapper`
			`auto-detect. The default is \fIauto\fP.`
			`.PP`
			`When auto-detecting the wrapper will drop rights if kms graphics are available`
			`and not drop them if no kms graphics are detected. If a system has multiple`
			`graphics cards and some are not kms capable auto-detection may fail,`
			`in this case manual configuration should be used.`

			`.SH "SEE ALSO"`
			`Xorg X server information: \fIXorg\fP(1)`