Bug 54167

Summary: [bug] weston-launch's wayland-0 socket can have insufficient permissions
Product: Wayland Reporter: Joe Konno <joe.konno>
Component: westonAssignee: Wayland bug list <wayland-bugs>
Status: VERIFIED NOTABUG QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:

Description Joe Konno 2012-08-28 19:50:11 UTC
In a global `umask 022` environment, through the magic of weston-launch a wayland-0 socket is created in XDG_RUNTIME_DIR that is writeable only by the owner: root. This makes it difficult for an unpriveliged user to do anything within that instance.

This is a significant hindrance for the use-case where the compositor is spawned by a superuser (through an init script or otherwise) but then used by unpriveliged users.

Work-around is to grant group-write permissions to the wayland-0 socket after launch to resume operation for unpriveliged use.
Comment 1 Kristian Høgsberg 2012-10-25 15:56:33 UTC
If you run weston-launch as root, the compositor will be owned by root.  If you want to run weston-launch as root but run the compositor as a different user, use the -u option:

[krh@minato ~]$ weston-launch --help
Usage: weston [args...] [-- [weston args..]]
  -u, --user      Start session as specified username
  -t, --tty       Start session on alternative tty
  -v, --verbose   Be verbose
  -s, --sleep     Sleep specified amount of time before exec
  -h, --help      Display this help message

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.