Red Hat Bugzilla – Bug 21545
Broken permissions on /dev/dri!!
Last modified: 2007-03-26 23:37:56 EDT
[cc: to Bill because he did the 3dfx work AFAIR]
Due to broken permissions on /dev/dri, only root can use
hardware accel 3D in the default config.
pam_console gives ownership of "/dev/dri/*" to the console
user, which is great. Unfortunately, the /dev/dri directory itself
remains accessible only to root!
We cannot really give ownership of the /dev/dri directory itself
to the console user, for security reasons.
I found an OK solution: in the XF86Config-4 file, I added to
the DRI section the line "Mode 0601".
This gives access to /dev/dri/ without giving everyone access
to the graphics card file /dev/dri/card0. pam_console nicely
gives the console user ownership of /dev/dri/card0.
The best solution of all, though, is this (i.e. probably the proper
- Change the X server so it NEVER messes with the permissions
of /dev/dri or anything below.
- Ship /dev/dri owned by root, mode drwxr-xr-x. /dev/dri could
be owned by e.g. the "dev" package.
- Leave pam_console as it is
*** Bug 25491 has been marked as a duplicate of this bug. ***
Still problematic in BETA3
/dev/dri the directory has restricted permissions
/dev/dri/card0 also has restricted permissions
The release notes make a fuss about new 3dfx hardware acceleration
working out of the box. It would be nice if this were the case for
people other than root ;-)
THe permissions on DRI now allow non-root to use DRI in what I believe
is a safe manner..