Bug 21545 - Broken permissions on /dev/dri!!
Broken permissions on /dev/dri!!
Product: Red Hat Linux
Classification: Retired
Component: XFree86 (Show other bugs)
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
: 25491 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2000-11-30 19:04 EST by Chris Evans
Modified: 2007-03-26 23:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-06 12:18:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Evans 2000-11-30 19:04:13 EST
[cc: to Bill because he did the 3dfx work AFAIR]

Due to broken permissions on /dev/dri, only root can use
hardware accel 3D in the default config.

pam_console gives ownership of "/dev/dri/*" to the console
user, which is great. Unfortunately, the /dev/dri directory itself
remains accessible only to root!

We cannot really give ownership of the /dev/dri directory itself
to the console user, for security reasons.

I found an OK solution: in the XF86Config-4 file, I added to
the DRI section the line "Mode 0601".

This gives access to /dev/dri/ without giving everyone access
to the graphics card file /dev/dri/card0. pam_console nicely
gives the console user ownership of /dev/dri/card0.

The best solution of all, though, is this (i.e. probably the proper
- Change the X server so it NEVER messes with the permissions
of /dev/dri or anything below.
- Ship /dev/dri owned by root, mode drwxr-xr-x. /dev/dri could
be owned by e.g. the "dev" package.
- Leave pam_console as it is
Comment 1 Bill Nottingham 2001-02-01 19:42:35 EST
*** Bug 25491 has been marked as a duplicate of this bug. ***
Comment 2 Chris Evans 2001-02-06 12:18:17 EST
Still problematic in BETA3
/dev/dri the directory has restricted permissions
/dev/dri/card0 also has restricted permissions

The release notes make a fuss about new 3dfx hardware acceleration
working out of the box. It would be nice if this were the case for
people other than root ;-)
Comment 3 Mike A. Harris 2001-03-06 10:43:07 EST
THe permissions on DRI now allow non-root to use DRI in what I believe
is a safe manner..

Note You need to log in before you can comment on or make changes to this bug.