Running Xorg as regular user on Trisquel 11

17 risposte [Ultimo contenuto]
andyprough
Offline
Iscritto: 02/12/2015

I prefer running Xorg as the regular user rather than as root, as I have come to understand that running it as root is a higher security risk.

There's probably an easier way of doing this than the steps I take, but I'm going to lay out how I do it here. If anyone knows a better way please let me know.

1. First of all, I like to install every XFCE package because I prefer that desktop environment (and I won't need to set up an .xinitrc with XFCE):
sudo apt install xfce*

Next I make some changes to grub's configuration so that I reboot into a text console instead of into a graphical login manager:
2. backup grub, just as a safety measure (hat tip for next few steps to https://ubuntuhandbook.org/index.php/2020/05/boot-ubuntu-20-04-command-console/)
sudo cp -n /etc/default/grub /etc/default/grub.backup

3. Change a line in grub to tell it to boot to a text console.
a. Open grub to edit it (I'll use pluma to edit it here):
sudo pluma /etc/default/grub

b. Change this line, "GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"", to say this:
GRUB_CMDLINE_LINUX_DEFAULT="text"
Save in pluma and close.

4. Update grub:
sudo update-grub

5. Tell systemd to allow me to boot to a text console:
sudo systemctl set-default multi-user.target

6. Reboot

7. Now I'm booted to a text console, where I log in with my user name and password

8. Now I start my XFCE desktop:
startxfce4

9. Now I open up a terminal and run
ps -ef | grep Xorg
and it shows I am running Xorg as the regular user, not as root. Mission accomplished.

Surely this is way too complicated. I'm assuming some smart people here know a one-line command to run Xorg as non-root without all these complications. If so, let me know. I don't mind going through these steps and I prefer using XFCE, but it would be nice to know any easier ways. Thanks!

koszkonutek
Offline
Iscritto: 03/19/2020

I thought the most straightforward way of booting to a text console is to tell systemd to disable the login manager service. Like

```
sudo systemctl disable sddm
```

of course replacing `sddm` with whatever login manager is running on your system.

Not sure if it's really any improvement over your method, tho

andyprough
Offline
Iscritto: 02/12/2015

I tried that but it did not initially work for me, that's why I went looking online for the "official *buntu way" of booting to a text console, and I found the steps in my first post. They do work quite well, by the way.

I'm more interested in if there is an easier way to tell Xorg to run as non-root. Logging in to a text console has quite a few web pages giving the instructions, but I wasn't finding anything on changing Xorg to be owned by non-root, so I found that my "startxfce4" method worked. And I'm assuming that using "startx" with Mate and an .xinitrc would work as well.

koszkonutek
Offline
Iscritto: 03/19/2020

That might sound funny but... after reading your post I have just found out that I have also been unknowingly running XFCE with rootless Xorg for a long time. Via `startx` but I don't even remember how I did set it up. I have no `$HOME/.xinitrc` and my `/etc/X11/xinit/xinitrc` doesn't call anything XFCE4-related.

But it's Devuan, not Trisquel, so things might be different. Also, I don't even remember how I made this particular system boot in text mode in the first place

Magic Banana

I am a member!

I am a translator!

Offline
Iscritto: 07/24/2010

I have just started the "GNOME on Xorg" session. The same holds here: the user, not root, runs Xorg, although I have done nothing to get that. The user runs Wayland too, if I choose the "GNOME" session.

andyprough
Offline
Iscritto: 02/12/2015

That's good to know, I haven't tried Gnome in years. I probably still won't use it, as there are several things I do not like about the desktop (not to mention the project's hateful anti-RMS rhetoric [and lies]).

prospero
Offline
Iscritto: 05/20/2022

That project now also suggests non-free distros to VM users:

https://gitlab.trisquel.org/trisquel/package-helpers/-/issues/83

Lugodunos
Offline
Iscritto: 05/28/2022

What project? GNOME?
Post-scriptum: once again, I don't have access to gitlab with TOR and using NoScript (for privacy reason of course).

prospero
Offline
Iscritto: 05/20/2022

Yes. This is now fixed in Aramo.

I attached a couple of screenshots that sum up the story.

issue_83.png fixed.png
andyprough
Offline
Iscritto: 02/12/2015

XFCE seems to know when it's being called. You can always use the startxfce4 command, in my experience, without setting up .xinitrc.

Avron

I am a translator!

Offline
Iscritto: 08/18/2020

I thought the most straightforward way of booting to a text console is to tell systemd to disable the login manager service.

The method I have previously used for that is "systemctl set-default multi-user.target" which may have been designed for this very purpose.

loldier
Offline
Iscritto: 02/17/2016

Revert back to GUI login (as root):

systemctl set-default graphical.target

andyprough
Offline
Iscritto: 02/12/2015

Thanks for posting this loldier, this thread needed some instructions on how to return the system to normal.

Jorah Dawson
Offline
Iscritto: 12/13/2020

Thank you so much!
Done in Parabola GNU/Linux-libre with OpenRC and XFCE. I uninstalled sddm and call startxfce4.

By the way, take this into account when using xorg:
https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html
It's really shocking...

On the other hand, waiting for wayland to be mature:
https://wiki.xfce.org/releng/wayland_roadmap
https://gitlab.xfce.org/xfce/libxfce4windowing

andyprough
Offline
Iscritto: 02/12/2015

Hi Jorah, can you still install Parabola with OpenRC? Last I looked I only saw the systemd ISO images on the Download page. Are there instructions for manually installing it with OpenRC?

Edit: Never mind, I'm looking at the installer instructions now and I see that OpenRC is still available with the nosystemd repository. Very nice, looks like I'll need to be installing and trying Parabola again this summer. It's been a few years since I ran this incredible distro.

Jorah Dawson
Offline
Iscritto: 12/13/2020

Unfortunately, Parabola LXDE iso is too old and breaks the installation.
You need to install the Parabola CLI Edition by the Arch way (archinstall isn't ready yet), adding nonsystem repo and some packages not included on the guide like networkmanager-openrc, dbus-openrc, wpa-supplicant-openrc, alsa-utils-openrc and so on.

What is more, there is a bug¿? with librebooted machines:
https://trisquel.info/es/forum/new-version-libreboot-available-20220710#comment-167839

Anyway, in my view, it seems openrc uses less cpu and ram than systemd, something helpful on these old laptops.

andyprough
Offline
Iscritto: 02/12/2015

UPDATE: It does work with Mate as well.

Just follow the above steps 2-5 to make Trisquel boot to a text console. Then:

6. Create a ~/.xinitrc file:
pluma ~/.xinitrc

write "exec mate-session" on the top line of the file, leaving one empty line below it, and save and close the .xinitrc file.

7. Reboot. When you come up to a text console, log in with your username and password, and then enter the following command:
startx

This should take you into a Mate session that has Xorg owned by the regular user instead of root.

andyprough
Offline
Iscritto: 02/12/2015

After running the above commands and getting into the Mate desktop using a "startx" command, you may still want to have a login manager so that you can choose between different desktops and window managers. For example, I have Mate, XFCE and DWM installed, and there's not an easy way that I know of to switch between them using startx and xinitrc.

Instead I use "tbsm", which stands for "terminal based session manager". It allows me to log in from the tty without needing a graphical login manager, but still choosing from among my different desktops and window managers.

To set it up, first ensure you have the "git" and "build-essential" packages installed:
sudo apt install git build-essential
If you do install build-essential here, I usually would reboot at this point, as build-essential is going to install a lot of stuff that allows you to build packages.

Then clone the git repo for tbsm in an appropriate folder:
mkdir ~/git
cd ~/git
git clone https://github.com/loh-tar/tbsm

Then change into the tbsm directory and make and install tbsm:
cd tbsm/
make
sudo make install

Now when you restart your computer, when you log into the tty you can type the "tbsm" command, and you will see a prompt like the one in my attached picture, giving you numerical options to enter to choose your desktop or window manager login.

Screenshot at 2023-07-01 00-58-42.png