Red Hat Bugzilla – Bug 166806
root password required to change display resolution
Last modified: 2014-06-18 05:07:53 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512 Firefox/1.0.4
Description of problem:
In an Enterprise environment, it is not a good idea to supply root passwords
to every user in the company. Also, it is taking up too much time for
admins to go around and fix every little request for display resolution
changes (we have hundreds of clients)
Therefore I would suggest adding a policy file for redhat-config-xfree86
that admins can set up an option (maybe in /etc/sysconfig) that either
prompts for a root password or doesn't when people run this program.
That way if some companies want a root password to be asked for every time,
they can have that behavior, and if they don't want the root password to be
asked for, they can have that behavior as well.
In order for this to work, I am assuming you would have to
change the configuration program to be setuid root so that you could modify
the /etc/X11/XFree86 file as a non-root user even though it is a root
This change request is not only for Redhat Enterprise 3, but 4, and Fedora
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Try to change display resolution as non-root user with redhat-config-xfree86
Actual Results: Root password prompted for.
Expected Results: Display resolution would be changed without having to be root.
system-config-display modifies the X server config file directly. This is
something that mandatorily requires root priveledges to run. Granting this
permission to all users, or any other users would give priveledge escalation
to those users, as it is possible to modify the X server configuration to
gain additional priveledges.
You can change the root window size using the xrandr utility as a non-root
user, or by using the display properties tab. If you have users which you
trust to run the X config utility, you can use "sudo" to provide limited
non-root access to the command.
In a future upstream X.Org X release, more and more global X server settings
which are currently globally stored in xorg.conf are going to become per-user
and stored in a per-user location. For the time being however, the
X server configuration utilities are root-only.
Closing request "WONTFIX" as implementing this would be a serious security
hole in the OS.