[PATCH wayland-web] building: Recommend disabling setuid for non-root installs

Kristian Høgsberg hoegsberg at gmail.com
Fri Aug 30 13:43:58 PDT 2013


On Sun, Aug 25, 2013 at 07:05:45PM +0000, Bryce W. Harrington wrote:
> On Sun, Aug 25, 2013 at 10:57:59AM +0300, Pekka Paalanen wrote:
> > On Fri, 23 Aug 2013 19:54:17 +0000
> > "Bryce W. Harrington" <b.harrington at samsung.com> wrote:
> > > diff --git a/building.html b/building.html
> > > index b7a1158..a47744e 100644
> > > --- a/building.html
> > > +++ b/building.html
> > > @@ -228,7 +228,7 @@ gio-2.0.</p>
> > >  
> > >  <pre>    $ git clone git://anongit.freedesktop.org/wayland/weston
> > >      $ cd weston
> > > -    $ ./autogen.sh --prefix=$WLD
> > > +    $ ./autogen.sh --prefix=$WLD --enable-setuid-install=no
> > >      $ make
> > >      $ make install
> > >  </pre>
> > 
> > I believe setuid weston-launch is mandatory for all backends
> > that use evdev, that is at least drm and fbdev. Otherwise they
> > cannot open input devices on normal system setups.
> > 
> > Maybe prefer 'sudo make install' then?
> 
> weston itself can be run directly as non-root inside an X session,
> without use of weston-launch.  For client development or just kicking
> the tires, this is probably sufficient as a starting point.  I imagine
> many people who will be reading this document could fit into those
> categories.
> 
> Certainly 'sudo make install' addresses the problem, however the intent
> of the article as I read it is to show how to build wayland entirely
> without needing superuser privs.  This is a worthwhile goal: It assures
> tire kickers they won't muss up their system, it enables building,
> installing, and testing wayland in automated test frameworks, and it
> enables users to try out wayland who may not have superuser access.
> 
> Perhaps the documentation could first explain how to run non-root, and
> then in a following section rebuild with setuid and explain running it
> using weston-launch?

For local installs I think we could enhance weston-launch to work
better with sudo (make it run weston as the original user) and then
recommend --disable-setuid-install and sudo weston-launch for local
installs.

Kristian


More information about the wayland-devel mailing list