View previous topic :: View next topic |
Author |
Message |
zhqtdhzh n00b
Joined: 11 Sep 2016 Posts: 9
|
Posted: Wed Oct 19, 2016 7:25 am Post subject: [SOLVED] parse_vt_settings cannot open /dev/tty0 permission |
|
|
Hi all penguines,
I cannot launch up any instance of /usr/bin/X from non-root account. What's probable reasons? Is it because I have compiled x11-base/xorg-server without the suid flag?
I'd like to have your knowledge in advance to another re-compilation of xorg-server, because the related laptop, albeit low voltage and performance, is running for a VERY long updating task. UNDISRUPTABLE, imho.
My log file goes as following:[/code]
Code: | [ 56778.572]
X.Org X Server 1.18.4
Release Date: 2016-07-19
[ 56778.575] X Protocol Version 11, Revision 0
[ 56778.576] Build Operating System: Linux 4.4.6-gentoo i686 Gentoo
[ 56778.577] Current Operating System: Linux ultralow 4.4.6-gentoo #4 SMP Fri Oct 7 20:12:08 CST 2016 i686
[ 56778.578] Kernel command line: BOOT_IMAGE=/vmlinuz-4.4.6-gentoo root=/dev/mapper/gentoo--root-gentoo--root--netbook--0 ro dolvm domdadm rootfstype=ext4
[ 56778.581] Build Date: 06 October 2016 03:27:54PM
[ 56778.582]
[ 56778.584] Current version of pixman: 0.34.0
[ 56778.587] Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[ 56778.588] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 56778.595] (==) Log file: "/home/zhqtdhzh/.local/share/xorg/Xorg.4.log", Time: Wed Oct 19 13:12:33 2016
[ 56778.697] (==) Using config directory: "/etc/X11/xorg.conf.d"
[ 56778.700] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[ 56778.731] (==) No Layout section. Using the first Screen section.
[ 56778.731] (==) No screen section available. Using defaults.
[ 56778.731] (**) |-->Screen "Default Screen Section" (0)
[ 56778.731] (**) | |-->Monitor "<default monitor>"
[ 56778.752] (==) No device specified for screen "Default Screen Section".
Using the first device section listed.
[ 56778.753] (**) | |-->Device "intel"
[ 56778.753] (**) | |-->GPUDevice "modesetting"
[ 56778.753] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[ 56778.753] (==) Automatically adding devices
[ 56778.753] (==) Automatically enabling devices
[ 56778.753] (==) Automatically adding GPU devices
[ 56778.753] (==) Max clients allowed: 256, resource mask: 0x1fffff
[ 56778.753] (WW) The directory "/usr/share/fonts/TTF/" does not exist.
[ 56778.753] Entry deleted from font path.
[ 56778.753] (WW) The directory "/usr/share/fonts/OTF/" does not exist.
[ 56778.753] Entry deleted from font path.
[ 56778.753] (WW) The directory "/usr/share/fonts/Type1/" does not exist.
[ 56778.753] Entry deleted from font path.
[ 56778.753] (WW) `fonts.dir' not found (or not valid) in "/usr/share/fonts/100dpi/".
[ 56778.753] Entry deleted from font path.
[ 56778.753] (Run 'mkfontdir' on "/usr/share/fonts/100dpi/").
[ 56778.753] (WW) `fonts.dir' not found (or not valid) in "/usr/share/fonts/75dpi/".
[ 56778.753] Entry deleted from font path.
[ 56778.753] (Run 'mkfontdir' on "/usr/share/fonts/75dpi/").
[ 56778.753] (==) FontPath set to:
/usr/share/fonts/misc/
[ 56778.753] (==) ModulePath set to "/usr/lib/xorg/modules"
[ 56778.753] (II) The server relies on udev to provide the list of input devices.
If no devices become available, reconfigure udev or disable AutoAddDevices.
[ 56778.759] (II) Loader magic: 0x829b680
[ 56778.759] (II) Module ABI versions:
[ 56778.759] X.Org ANSI C Emulation: 0.4
[ 56778.759] X.Org Video Driver: 20.0
[ 56778.759] X.Org XInput driver : 22.1
[ 56778.759] X.Org Server Extension : 9.0
[ 56778.760] (II) xfree86: Adding drm device (/dev/dri/card0)
[ 56778.762] (--) PCI:*(0:0:2:0) 8086:22b1:1d05:101a rev 33, Mem @ 0x80000000/16777216, 0x90000000/268435456, I/O @ 0x0000f000/64
[ 56778.763] (II) LoadModule: "glx"
[ 56778.763] (II) Loading /usr/lib/xorg/modules/extensions/libglx.so
[ 56778.773] (II) Module glx: vendor="X.Org Foundation"
[ 56778.773] compiled for 1.18.4, module version = 1.0.0
[ 56778.773] ABI class: X.Org Server Extension, version 9.0
[ 56778.773] (==) AIGLX enabled
[ 56778.773] (II) LoadModule: "intel"
[ 56778.773] (II) Loading /usr/lib/xorg/modules/drivers/intel_drv.so
[ 56778.773] (II) Module intel: vendor="X.Org Foundation"
[ 56778.773] compiled for 1.18.4, module version = 2.99.917
[ 56778.773] Module class: X.Org Video Driver
[ 56778.773] ABI class: X.Org Video Driver, version 20.0
[ 56778.773] (II) LoadModule: "modesetting"
[ 56778.774] (II) Loading /usr/lib/xorg/modules/drivers/modesetting_drv.so
[ 56778.796] (II) Module modesetting: vendor="X.Org Foundation"
[ 56778.796] compiled for 1.18.4, module version = 1.18.4
[ 56778.796] Module class: X.Org Video Driver
[ 56778.796] ABI class: X.Org Video Driver, version 20.0
[ 56778.796] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets:
i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM, 865G,
915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM,
Pineview G, 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33,
GM45, 4 Series, G45/G43, Q45/Q43, G41, B43
[ 56778.797] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000
[ 56778.797] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100
[ 56778.797] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics: 5200, 6200, P6300
[ 56778.797] (II) modesetting: Driver for Modesetting Kernel Drivers: kms
[ 56778.797] (EE)
Fatal server error:
[ 56778.801] (EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
[ 56778.804] (EE)
[ 56778.806] (EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
[ 56778.816] (EE) Please also check the log file at "/home/zhqtdhzh/.local/share/xorg/Xorg.4.log" for additional information.
[ 56778.819] (EE)
|
Last edited by zhqtdhzh on Sun Oct 23, 2016 2:36 pm; edited 1 time in total |
|
Back to top |
|
|
zhqtdhzh n00b
Joined: 11 Sep 2016 Posts: 9
|
Posted: Wed Oct 19, 2016 11:39 am Post subject: |
|
|
after reading https://forums.gentoo.org/viewtopic-t-1051962.html?sid=d84eb076909b7ef58512d5f7ec9b5072, I tried my own adventure.
1. Create new rule to make device files readable
Code: | # cat /lib/udev/rules.d/50-udev-default.rules | sed -n "21{s/0620/0660/;p}" > /etc/udev/rules.d/mytty.rules
# udevadm control --reload
# udevadm trigger
|
2. Add user into supplement group 'tty'. This is a dangerous according to my referred post.
Code: | # usermod -aG tty user |
3. Logout and Login
4. Try Xorg and it reports: Code: | xf86EnableIOPorts failed to set IOPL for I/O operation not permitted | , and found no screen in config files.
5. Read log file to find permission to operate on /dev/dri/card0 is disallowed.
6. Code: | # usermod -aG video user | to have an additional supplement group for me.
7. Logout and login
8. Try Xorg. There is no more (EE) message, and I have an 'X desktop'. Hooray.
9. But my touchpad is not working. Try search Internet to find this link:https://wiki.gentoo.org/wiki/Non_root_Xorg. Gentoo's wiki is so gr~r~eat. Why not have been found it earlier?
10. Find my laptop dead. Not only a unworking touchpad, there also are blalcked-out screen and keyboard due to energe-saving..(by apmd or acpid?)
11. While waiting for one or two days for completing the updating task to make sure my laptop power off safely, noobs having a Xorg server compiled without suid flag, like me, are warned here:
Just refer to the wiki page, "Non root Xorg". It's at https://wiki.gentoo.org/wiki/Non_root_Xorg. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Thu Oct 20, 2016 1:50 am Post subject: |
|
|
I knew the bad advice in that thread would cause problems. I just did not expect it to mislead someone so quickly. |
|
Back to top |
|
|
zhqtdhzh n00b
Joined: 11 Sep 2016 Posts: 9
|
Posted: Sat Oct 22, 2016 4:35 am Post subject: |
|
|
Nice you, Hu. Supposedly my laptop go dumb because I was not in input group at that time.
The wiki page, non_root_Xorg ignores a possbility which should result in the error as in the title of this post.
Let's look at the more secure alternative method which arranges user NOT in input or tty group.
When I had conditions like:
====================
/dev/event0 root input
...
/dev/event10 root input
/dev/mice root input
/dev/mouse0 root input
/usr/bin/Xorg -rwxr-s-r-x root input
/dev/tty[1-4] crw--w----root tty
/dev/tty5 crw------- user tty # user had logged on this tty
/dev/tty6 crw--w---- root tty
user groups: user, video
==================
".. parse_vt_settings: .. /dev/tty0 ..permission .."
solution: add user into wheel group (or maybe root group ).
----found by my fingers.
I don't know where wheel's power comes from in detail, but it works.
Better add this fact into wiki.gentoo.org/wiki/non_root_Xorg by someone of you gentoos.
regards.
===================
Well been shamefully provided a totally wrong recommend, I'm here to reclaim that: non_root_Xorg page is all right. Never bother to wheel group for permission thingies. Specifying a wrong (unlogged on) virtual terminal simly leads to tty reading operation to fail. If any user logged on via tty5, then append "vt5" onto server's options of xinit/startx in command line...(after the "--"). |
|
Back to top |
|
|
i92guboj Bodhisattva
Joined: 30 Nov 2004 Posts: 10315 Location: Córdoba (Spain)
|
Posted: Fri Oct 27, 2017 10:41 am Post subject: |
|
|
Hi.
I've been hit by this today. Why today, it's unknown to me. All of a sudden, I could no longer startx.
Nice, after trying a few things I noticed I could downgrade xorg-server and a "suid" USE flag was to be added. That seems fantastic, since we've been told since our kindergarten times that running X as root is bad bad bad. B-A-D.
So, the proposed to solutions are:
A) follow some weird wiki page to try to get the DEFAULT setup fixed, with mixed degrees of success, from what I've read around
B) open your throat and taste X as root, either by suid, wheel or, just be brave, by directly logging in as root (why not? same nonsense)
Before openly declaring what I think about this (you might already have an intuition ), I'd truly like to know what the hell is going on here or if there's something basic that I have missed during these last years. |
|
Back to top |
|
|
Wizumwalt Guru
Joined: 20 Aug 2006 Posts: 547
|
Posted: Sat Nov 03, 2018 9:30 pm Post subject: |
|
|
Just got hit by this today. Was there ever a "proper" fix for this as opposed to all the methods of running X as root? |
|
Back to top |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sat Nov 03, 2018 10:00 pm Post subject: |
|
|
Not sure about a proper method but ... on my single user system
I added my user to input, video and tty groups
chown of /dev/tty7 to my user
Now I can start X as regular user, all I do is "startx" I don't supply the vt parm.
If you wanted to use some other vt, then it would be trivial to chown of that vt.
It would even be easy to modify startx or wrap a script around it to change the owner of the tty/vt and then change it back afterward with something like sudo.
And yes, they changed the "suid use flag" from the xorg-server ebuild, first they removed it in favor of using the systemd use flag, after a number of people complained, they then added it back, but it's not on by default, if you want suid, then add it in package.use.
Note: I made the modifications yesterday and so far no problems with running X as my user.
ETA: https://wiki.gentoo.org/wiki/Non_root_Xorg _________________ PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Back to top |
|
|
Wizumwalt Guru
Joined: 20 Aug 2006 Posts: 547
|
Posted: Sat Nov 03, 2018 10:24 pm Post subject: |
|
|
So I added my user to input, video, and tty. Before I was getting a perm denied on /dev/tty0. Now I'm getting:
Cannot open virtual console 7 (Permission denied)
And I'm not sure what device "virtual console 7" is.
All I do to start x is the same as you, "startx" with no params. |
|
Back to top |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sat Nov 03, 2018 10:28 pm Post subject: |
|
|
Wizumwalt wrote: | So I added my user to input, video, and tty. Before I was getting a perm denied on /dev/tty0. Now I'm getting:
Cannot open virtual console 7 (Permission denied)
And I'm not sure what device "virtual console 7" is.
All I do to start x is the same as you, "startx" with no params. |
what does "ls -l /dev/tty7" return _________________ PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Back to top |
|
|
Wizumwalt Guru
Joined: 20 Aug 2006 Posts: 547
|
Posted: Sat Nov 03, 2018 10:30 pm Post subject: |
|
|
$ls -l appears as follows:
Code: | crw--w---- 1 root tty 4, 7 Nov 3 12:21 /dev/tty7 |
|
|
Back to top |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sat Nov 03, 2018 10:32 pm Post subject: |
|
|
"chown <your user name> /dev/tty7"
This will reset every time you reboot (if I'm not mistaken), although a udev rule could be made to have it set to your user on reboot.
I wouldn't do it this way on a multi-user system, but for a single user, there's no problem. _________________ PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Back to top |
|
|
Wizumwalt Guru
Joined: 20 Aug 2006 Posts: 547
|
Posted: Sat Nov 03, 2018 10:35 pm Post subject: |
|
|
Ugh, and that's how it has to be done? That just doesn't seem right.
Thanks for that though, helpful. I'm just surprised we're a year or more w/ this issue and that's the best we have. |
|
Back to top |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sat Nov 03, 2018 10:37 pm Post subject: |
|
|
As I said it could be done by way of modifying startx, and probably cleaner that way, but on my single user system, I just don't care. _________________ PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Back to top |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
|
Posted: Sat Nov 03, 2018 10:45 pm Post subject: |
|
|
For example, we'll use sudo to change things.
Lets say user is "joe" add this to sudoers file
Code: |
joe ALL=(ALL) NOPASSWD: /bin/chown joe /dev/tty7
joe ALL=(ALL) NOPASSWD: /bin/chown root /dev/tty7
|
Add this to the beginning of startx
Code: |
sudo /bin/chown joe /dev/tty7
|
at the end of startx, after the xinit call add
Code: |
sudo /bin/chown root /dev/tty7
|
I haven't tested it, but it should work.
With a little thought and some scripting, it should be easy enough to manage both sudoers and startx for even several people.
ETA: startx could even be modified to add the user to the proper groups, and then remove them at the end of the session.
This isn't rocket science.
As the top of the startx file says
Code: | # This is just a sample implementation of a slightly less primitive
# interface than xinit. It looks for user .xinitrc and .xserverrc
# files, then system xinitrc and xserverrc files, else lets xinit choose
# its default. The system xinitrc should probably do things like check
# for .Xresources files and merge them in, start up a window manager,
# and pop a clock and several xterms. |
_________________ PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Back to top |
|
|
rogerx Tux's lil' helper
Joined: 06 Apr 2004 Posts: 118
|
Posted: Tue Nov 06, 2018 11:35 pm Post subject: |
|
|
Think I tracked this offending device file permissions problem down to the file "/etc/init.d/devfs" at line 92:
-- "devpts /dev/pts 0755 ,gid=5,mode=0620 devpts"
++ "devpts /dev/pts 0755 ,gid=5,mode=0660 devpts"
This should resolve this over-reaching power/control problem. (I'll test with a reboot in another 30 minutes.)
This file is apparently provided by the sys-apps/openrc, now that's a surprise and am now wondering what caused this. Further research shows the 0620 permissions were instated during or prior to the year 2014. It's possibly something now in 2018 is now executing this file, and was likely haphazardly inactive for the past years. (eg. rc start/stop on boot/default)
(Putting chown/chmod into the your sudo file is probably not a good idea.)
UPDATE:
I've rebooted and the above doesn't solve this permissions/group problem. Even after modifying another line, at line #72:
[ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
Might be I have to reboot into a rescue mode and manually augment these files, but so far it looks like something within /etc/init.d/devfs is definitely triggering and enforcing 0620 regardless of stating 0660! (eg. Execute "rc-service devfs restart" reverts to 0620!) _________________ Roger
http://rogerx.freeshell.org/ |
|
Back to top |
|
|
jesnow l33t
Joined: 26 Apr 2006 Posts: 856
|
Posted: Sun Aug 02, 2020 7:42 pm Post subject: |
|
|
I can't believe I'm in 2020 suddenly caught by this after a world update.
What is the approved solution?
jon |
|
Back to top |
|
|
SlashBeast Retired Dev
Joined: 23 May 2006 Posts: 2922
|
Posted: Sun Aug 02, 2020 7:55 pm Post subject: |
|
|
You have most definitely different problem than what was discussed here years ago. Check https://wiki.gentoo.org/wiki/Non_root_Xorg and create new thread if you need help. |
|
Back to top |
|
|
jesnow l33t
Joined: 26 Apr 2006 Posts: 856
|
Posted: Sun Aug 02, 2020 7:59 pm Post subject: |
|
|
Thanks for the quick response!
It sure seems like the same issue, as chown user:users /dev/tty0 worked.
I've never run startx any other way than as user, but maybe the issues is with elogind or xorg not being suid? I don't really want to know, I just want it to work.
edit: it was indeed a problem with missing elogind use flag. Disable the consolekit use flag (also in /etc/portage/package.use) and re-emerge -DNu world.
Cheers,
Jon. |
|
Back to top |
|
|
rogerx Tux's lil' helper
Joined: 06 Apr 2004 Posts: 118
|
Posted: Sun Aug 02, 2020 11:38 pm Post subject: |
|
|
Recently ran into this bug again last week after an emerge world.
It's caused by udev rules.
I recently just created a custom rule to also also group read/write on /dev/tty* devices. Easily done by searching google. _________________ Roger
http://rogerx.freeshell.org/ |
|
Back to top |
|
|
superdeez n00b
Joined: 10 May 2015 Posts: 59
|
Posted: Tue Aug 11, 2020 1:01 am Post subject: |
|
|
While doing my weekly updates I ran across this myself on my spare box and my laptop both.
Putting my user in the tty group made it change to the Code: | can't open vt7 (permission denied) | or whatever it said.
I looked at the guide here: https://wiki.gentoo.org/wiki/Non_root_Xorg
On both machines I had to add dbus to the default runlevel. I rebooted and it began to work.
Not sure if this is what does this, but running startx now puts X on whatever vt I logged in on. My mainbox has done that for some time so maybe I ran into the trouble there and forgot about it. That closes the old security hole that someone could <ctrl+C> and get to a prompt.
Spare box works as well as an old P4 can. Laptop has an input problem now, but that's for another thread. Hope this helps |
|
Back to top |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Tue Aug 11, 2020 2:24 am Post subject: |
|
|
I just added suid to xorg-server in package.use and it runs like it has for the last twelve years. no muss. no fuss. Just works.
This is not a business machine. It's a desktop private PC in a home with no children. Just me and my computerphobic wife. (I answer her e-mail). |
|
Back to top |
|
|
dartleader Tux's lil' helper
Joined: 21 Apr 2019 Posts: 118
|
Posted: Thu Aug 27, 2020 1:20 am Post subject: |
|
|
I ran into this problem today and simply adding elogind to my default runlevel fixed the problem upon logging out/back in. |
|
Back to top |
|
|
Duncan Mac Leod Guru
Joined: 02 May 2004 Posts: 312 Location: Germany
|
Posted: Mon Sep 07, 2020 11:45 am Post subject: |
|
|
Tony0945 wrote: | I just added suid to xorg-server in package.use and it runs like it has for the last twelve years. no muss. no fuss. Just works.
This is not a business machine. It's a desktop private PC in a home with no children. Just me and my computerphobic wife. (I answer her e-mail). |
Just trying your suggestion with suid... - works !!
...and your "(I answer her e-mail)": LOL, GREAT |
|
Back to top |
|
|
sbr n00b
Joined: 02 Jun 2019 Posts: 8
|
Posted: Tue Sep 08, 2020 4:53 pm Post subject: |
|
|
FWIW, adding elogind to default runlevel, starting it, logging out and back in worked for me.
Code: | rc-config add elogind default
rc-service elogind start |
|
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Wed Sep 09, 2020 12:59 am Post subject: |
|
|
I avoid these problems by running X as a root service.
I don't care that it's insecure. I have no interest in installing bloat like elogind and all information about running unpriv X without that has been deemed contraband by the devs. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|