[Bug 278204] x11/xkeyboard-config: allow non-root to write into /var/lib/xkb

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278204

--- Comment #2 from Baptiste Daroussin <bapt@FreeBSD.org> ---
reading at the code, Xwayland and Xorg-xserver both seems to rely on "Popen"
xkbcomp.

Which means only the xkbcomp program needs to be able to write into
/var/lib/xkb

Probably we can make the 775 root:video and make the xkbcomp binary setgid with
video as a group

this is not great but still better than the current situation.

This is if we really want xkbcomp to be able to write into /var/lib/xkb, we can
also advice the user to run xkbcomp as root for the rare cases when it is
needed (when bringing a non provided xkb if my understanding is correct).

FYI I checked on linux (ubuntu 20.04) Xorg is not setuid, /var/lib/xkb is 755
root:root and Xorg is run as user, which means again if I am not missing
something that they are not expecting xorg to be able to write anything in that
directory.

My personal opinion is we should document how to manually run xkbcomp if
actually needed and do not touch de mode for /var/lib/xkb

-- 
You are receiving this mail because:
You are the assignee for the bug.