From c7a96d791b43e9a7ef83b22641b3cc0e95cad80f Mon Sep 17 00:00:00 2001 From: emersion Date: Tue, 26 Feb 2019 23:49:22 +0100 Subject: [PATCH] Updated Running Sway without systemd (markdown) --- Running-Sway-without-systemd.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/Running-Sway-without-systemd.md b/Running-Sway-without-systemd.md index 4ae29cf..2fba071 100644 --- a/Running-Sway-without-systemd.md +++ b/Running-Sway-without-systemd.md @@ -21,10 +21,23 @@ sudo ninja -C build install Make sure elogind is running and configured correctly before starting sway. Refer to your distribution's documentation for details. +# Direct via setuid + +_Note: Attempting to run sway this way without this being configured correctly will probably leave your computer in an unresponsive state, requiring a reboot_ + +To have sway run as root in order to gain access to the resources you need, you must set the setuid bit on the sway executable: +``` +chmod +s /usr/bin/sway +``` + +Sway will fork into a minimal slave process to keep these privileges, while dropping its own. As with any program, using setuid has serious security implications. + # Direct via capabilities _Note: Attempting to run sway this way without this being configured correctly will probably leave your computer in an unresponsive state, requiring a reboot_ +_Note: Sway won't drop capabilities, use setuid instead._ + In order to use this, wlroots must be compiled with `libcap` support: ``` meson build -Dbuildtype=debugoptimized -Dlibcap=enabled @@ -44,15 +57,6 @@ setcap cap_sys_admin=eip /usr/bin/sway _Note: `CAP_SYS_ADMIN` is a very serious capability to give a process, and can be considered as powerful as root itself. See [here](https://lwn.net/Articles/486306/) for some more background._ -# Direct via setuid - -To have sway run as root in order to gain access to the resources you need, you must set the setuid bit on the sway executable: -``` -chmod +s /usr/bin/sway -``` - -Sway will fork into a minimal slave process to keep these privileges, while dropping its own. As with any program, using setuid has serious security implications. - # Tips and Tricks ## Archlinux without systemd/elogind