Bug 3706
| Summary: | font server dies without "su" | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | michael.waite |
| Component: | XFree86 | Assignee: | David Lawrence <dkl> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.0 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 1999-07-15 21:22:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
you may run the font server as root, but this opens you up to security holes which you are trying to avoid. su is not a security hole, it has been thoroughly audited. Why are you removing it? The next release of our X packages will have XFree86-xfs depend on /bin/su. In the future, the xfs daemon may be rewritten so that it drops root privileges and becomes suid xfs / sgid xfs, but not for this release. scratch that. our next release of X will enable xfs to drop root privileges and become the 'xfs' user if that user is present, if so specified. The init script will be adjusted accordingly. Thanks for the feedback. |
Here is the init script that starts xfs: grep su /etc/init.d/xfs daemon --check xfs su xfs -c xfs -s /bin/sh touch /var/lock/subsys/xfs rm -f /var/lock/subsys/xfs if [ -f /var/lock/subsys/xfs ]; then daemon --check xfs su xfs -c xfs -s /bin/sh touch /var/lock/subsys/xfs We have no need for "su" on our systems and without it the font server dies. Then you must link the fonts manually. Is there a way to not have "su" on the system and still have the fontserver running?