Running X as an unprivileged user

Matthew Garrett mjg59 at
Fri Jun 25 09:35:26 PDT 2010

On Fri, Jun 25, 2010 at 11:12:49PM +1000, Christopher James Halse Rogers wrote:

> Apart from opening /proc/mtrr for writing, which isn't used by any of
> the drivers I've inspected and certainly by none of the KMS drivers, it
> seems the last problem is backlight handling which requires
> prodding /sys/class/backlight/*/brightness.  It seems that the way to
> deal with this would be to get a /dev/backlight device interface for
> which udev could set appropriate permissions.  This would also clean the
> Intel DDX code somewhat as it wouldn't have to iterate over the list of
> possible /sys paths.

Why not just change the ownership of the sysfs files?

> Does this idea look sane?  Are there any obvious pitfalls that I've
> missed here?  What would a good /dev/backlight interface look like?

This is easy enough to handle for the single-user situation, but there's 
currently no way to handle revoking the open file descriptors from one X 
server when you switch to another. A compromised X server could keep 
hold of them when you switch and obtain other users' passwords.

Matthew Garrett | mjg59 at

More information about the xorg-devel mailing list