Bug 21545 - Broken permissions on /dev/dri!!
Summary: Broken permissions on /dev/dri!!
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86   
(Show other bugs)
Version: 7.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
: 25491 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2000-12-01 00:04 UTC by Chris Evans
Modified: 2007-03-27 03:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-06 17:18:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Chris Evans 2000-12-01 00:04:13 UTC
[cc: to Bill because he did the 3dfx work AFAIR]

Due to broken permissions on /dev/dri, only root can use
hardware accel 3D in the default config.

pam_console gives ownership of "/dev/dri/*" to the console
user, which is great. Unfortunately, the /dev/dri directory itself
remains accessible only to root!

We cannot really give ownership of the /dev/dri directory itself
to the console user, for security reasons.

I found an OK solution: in the XF86Config-4 file, I added to
the DRI section the line "Mode 0601".

This gives access to /dev/dri/ without giving everyone access
to the graphics card file /dev/dri/card0. pam_console nicely
gives the console user ownership of /dev/dri/card0.

The best solution of all, though, is this (i.e. probably the proper
- Change the X server so it NEVER messes with the permissions
of /dev/dri or anything below.
- Ship /dev/dri owned by root, mode drwxr-xr-x. /dev/dri could
be owned by e.g. the "dev" package.
- Leave pam_console as it is

Comment 1 Bill Nottingham 2001-02-02 00:42:35 UTC
*** Bug 25491 has been marked as a duplicate of this bug. ***

Comment 2 Chris Evans 2001-02-06 17:18:17 UTC
Still problematic in BETA3
/dev/dri the directory has restricted permissions
/dev/dri/card0 also has restricted permissions

The release notes make a fuss about new 3dfx hardware acceleration
working out of the box. It would be nice if this were the case for
people other than root ;-)

Comment 3 Mike A. Harris 2001-03-06 15:43:07 UTC
THe permissions on DRI now allow non-root to use DRI in what I believe
is a safe manner..

Note You need to log in before you can comment on or make changes to this bug.