Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 21545

Summary: Broken permissions on /dev/dri!!
Product: [Retired] Red Hat Linux Reporter: Chris Evans <chris>
Component: XFree86Assignee: Mike A. Harris <mharris>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 7.0CC: notting
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-02-06 17:18:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Evans 2000-12-01 00:04:13 UTC 
[cc: to Bill because he did the 3dfx work AFAIR]

Due to broken permissions on /dev/dri, only root can use
hardware accel 3D in the default config.

pam_console gives ownership of "/dev/dri/*" to the console
user, which is great. Unfortunately, the /dev/dri directory itself
remains accessible only to root!

We cannot really give ownership of the /dev/dri directory itself
to the console user, for security reasons.

I found an OK solution: in the XF86Config-4 file, I added to
the DRI section the line "Mode 0601".

This gives access to /dev/dri/ without giving everyone access
to the graphics card file /dev/dri/card0. pam_console nicely
gives the console user ownership of /dev/dri/card0.


The best solution of all, though, is this (i.e. probably the proper
one):
- Change the X server so it NEVER messes with the permissions
of /dev/dri or anything below.
- Ship /dev/dri owned by root, mode drwxr-xr-x. /dev/dri could
be owned by e.g. the "dev" package.
- Leave pam_console as it is
Comment 1 Bill Nottingham 2001-02-02 00:42:35 UTC 
*** Bug 25491 has been marked as a duplicate of this bug. ***
Comment 2 Chris Evans 2001-02-06 17:18:17 UTC 
Still problematic in BETA3
/dev/dri the directory has restricted permissions
/dev/dri/card0 also has restricted permissions

The release notes make a fuss about new 3dfx hardware acceleration
working out of the box. It would be nice if this were the case for
people other than root ;-)
Comment 3 Mike A. Harris 2001-03-06 15:43:07 UTC 
THe permissions on DRI now allow non-root to use DRI in what I believe
is a safe manner..