The officially official Devuan Forum!

You are not logged in.

#1 2017-09-12 11:18:07

Registered: 2016-11-25
Posts: 553

xserver-xorg-legacy in ascii

To get X to work in ascii and beyond...

1. Install xserver-xorg-legacy   (This might be all you need to do.)

2. (maybe)
If you don't use a display manager (like slim or lightdm) and want to use 'startx' to get a graphical session, you'll need to run this command once (or edit the file manually)

echo "needs_root_rights=yes" >> /etc/X11/Xwrapper.config

3. (you tell me. I predict there will be more needed in the future.)


#2 2017-09-12 12:05:59

Registered: 2017-04-28
Posts: 3

Re: xserver-xorg-legacy in ascii

The second step will cause the X server to be started as root, which is a really bad idea(TM). The first step might already do that (since Xwrapper defaults to "auto"). … n_sprundel has an introduction to X server security.


#3 2017-09-14 08:20:16

Registered: 2017-09-14
Posts: 1

Re: xserver-xorg-legacy in ascii

Well, the display manager also launches Xorg as root:

root      2109  1.7  1.2 469952 99548 tty7     Ssl+ 07:52   2:31 /usr/lib/xorg/Xorg -nolisten tcp -auth /var/run/slim.auth vt07

Or am I wrong?

Btw: Is it intrinsic to systemd to run Xorg as user?

Is there any other solution as of now?

Last edited by korgull (2017-09-14 08:22:10)


#4 2017-09-14 11:46:15

Registered: 2016-11-25
Posts: 553

Re: xserver-xorg-legacy in ascii

Yes, X has been running as root forever, and that only changed with stretch. I don't know the details of how systemd works with that, but the dependence of xorg on systemd also appeared with stretch. According to the linked video, the solution is to switch to wayland. (That's an over-simplified explanation. In fact, a lot of bugs have been fixed as a result of  that guy's work.)


#5 2017-09-18 23:08:50

From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 163

Re: xserver-xorg-legacy in ascii

fsmithred wrote:

Yes, X has been running as root forever, and that only changed with stretch. I don't know the details of how systemd works with that, but the dependence of xorg on systemd also appeared with stretch.

The one and the other change not be of the kind to put together as similar (not saying that you are doing so).
The change with Xorg is praisewothy (but probably came to be because the exploits went mad on Xorg...), the other change is sad as can be...
fsmithred, I just sent an email to dng mailing list (and to a few Devauners of the thread on Xorg, one of them being you).
And then I see this documentation post...
Good! Let's wait and see if my email to DNG ML appears at:
Gosh! It appeared! Phew! Feeling muuuch better now smile!

Subject: Re: [DNG] upgrade from Debian stretch to Devuan ascii? … f1.en.html

Readers here, take note that it is absolutely best for security of your Devuan boxen if you manage to use Xorg the new way, not as root!

Happy smile !

Last edited by miroR (2017-09-18 23:09:23)

Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote: … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval … 4b.en.html


#6 2018-01-25 22:36:42

Registered: 2017-11-11
Posts: 7

Re: xserver-xorg-legacy in ascii


as I came also myself in xinit not running on  a minimal install without systemd, policykit and consolekit,  it turns out that  xserver-xorg-legacy was build specifically for  "legacy" debian setups without systemd :

xorg-server (2:1.17.3-1) unstable; urgency=medium

The Xorg server is no longer setuid root by default. This change reduces the
risk of privilege escalation due to X server bugs, but has some side effects:

* it relies on logind and libpam-systemd
* it relies on a kernel video driver (so the userspace component doesn't
touch the hardware directly) ->  kernel mode setting (KMS)
* it needs X to run on the virtual console (VT) it was started from
* it changes the location for storing the Xorg log from /var/log/ to

On systems where those are not available, the new xserver-xorg-legacy package
is needed to allow X to run with elevated privileges.
See the
Xwrapper.config(5) manual page for configuration details.

-- Julien Cristau <> Tue, 27 Oct 2015 22:54:11 +0000


Board footer