54167 – [bug] weston-launch's wayland-0 socket can have insufficient permissions

Bug 54167 - [bug] weston-launch's wayland-0 socket can have insufficient permissions

Summary: [bug] weston-launch's wayland-0 socket can have insufficient permissions

Status:	VERIFIED NOTABUG

Alias:	None

Product:	Wayland
Classification:	Unclassified
Component:	weston (show other bugs)
Version:	unspecified
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium normal
Assignee:	Wayland bug list
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-08-28 19:50 UTC by Joe Konno
Modified:	2012-11-09 18:35 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Joe Konno 2012-08-28 19:50:11 UTC

In a global `umask 022` environment, through the magic of weston-launch a wayland-0 socket is created in XDG_RUNTIME_DIR that is writeable only by the owner: root. This makes it difficult for an unpriveliged user to do anything within that instance.

This is a significant hindrance for the use-case where the compositor is spawned by a superuser (through an init script or otherwise) but then used by unpriveliged users.

Work-around is to grant group-write permissions to the wayland-0 socket after launch to resume operation for unpriveliged use.

Comment 1 Kristian Høgsberg 2012-10-25 15:56:33 UTC

If you run weston-launch as root, the compositor will be owned by root.  If you want to run weston-launch as root but run the compositor as a different user, use the -u option:

[krh@minato ~]$ weston-launch --help
Usage: weston [args...] [-- [weston args..]]
  -u, --user      Start session as specified username
  -t, --tty       Start session on alternative tty
  -v, --verbose   Be verbose
  -s, --sleep     Sleep specified amount of time before exec
  -h, --help      Display this help message

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.