# Xorg setuid

## 8086

I was going through the list of SUID binaries on my system and noticed Xorg. Now, this binary being SUID has seemed very natural to me all these years I've been using Linux, but today it hit me: why does Xorg have to be SUID? I'm looking for technical details, but I'm too lazy to actually read the source.

----------

## bunder

I believe it has something to do with using a login manager, but it could also be for direct hardware access to the video card/inputs, and again I could be waaay off.   :Laughing: 

Moved from Off the Wall to Networking & Security.

----------

## 8086

I don't know if it's about the login manager, par example I don't use a login manager. I suppose hardware access is the cause, but I'm looking for details.

Sorry for postin in "off the wall" (as that seems to have been incorrect), I just thought this is more of a "General Linux" than Gentoo-specific kind of thing.

----------

## tSp

Answering this just so it doesn't go unanswered completely but I wondered this myself some time ago and found this answer (I believe it is still correct today):

Copied and pasted this from http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/x.html#XFREE86-ROOT

 *Quote:*   

> Q.  
> 
> Before, I was able to run XFree86 as a regular user. Why does it now say that I must be root?
> 
> 

 

 *Quote:*   

> 
> 
> A.  
> 
> All X servers need to be run as root in order to get direct access to your video hardware. Older versions of XFree86 (<= 3.3.6) installed all bundled servers to be automatically run as root (setuid to root). This is obviously a security hazard because X servers are large, complicated programs. Newer versions of XFree86 do not install the servers setuid to root for just this reason.
> ...

 

And, there is also a way to disable setuid on Xorg binary during install, or manually after install.  The downside is that you can't manually start xorg server (startkde from a bash shell for example as a normal user) without using a login manager (xdm, kdm, gdm).

----------

## kernelOfTruth

For completeness' sake:

https://wiki.gentoo.org/wiki/Non_root_Xorg

----------

