How to determine if X server runs with root privileges
There are a few ways to output the user ID (UID) with ps
; a simple one is with -f
:
ps -fC X
Will give you information for all the X servers that are running (there can be more than one).
This presumes that the executable is called X
-- if there's no such process, you will have to target something else. Since it almost certainly at least has capital X in it (e.g., Xorg
, X11
), an alternative is to filter through grep:
ps -o uid,comm -A | grep X
This removes the column headers, but the UID is the numerical one on the left. If this is 0
, then the process is running root. If nothing turns up, try ps -fA | grep X
; this one involves more clutter.
Finally, if there is no process with capital X
in its name, try x
; you may at least find commands used to control it, such as startx
or xinit
. You could also try dm
, since display managers usually have this in their name (gdm
, etc). However, none of these is actually the X server, and although xinit
starts the server, the server executable often has the setuid bit set, meaning even though xinit
has a non-privileged UID, X will still run as root.
Related videos on Youtube
lord.garbage
Updated on September 18, 2022Comments
-
lord.garbage over 1 year
This is a one-liner: Is there a way/command to check if the X server is run as root or as user?
This was supposed to be a one-liner but alas... I recently upgraded my Arch Linux box. After the upgrade I was notified that
X
now runs rootless. I checked on the official Arch Linux page and it states:X is now rootless with the help of systemd-logind [...] [1]
This got me interested in how to check whether
X
is run rootless or not. How can this be done? -
goldilocks almost 10 yearsThe
ps X
output is unrelated (see OUTPUT FORMAT CONTROL inman ps
about that). I think the X server isn't necessarily calledX
, which might be your problem, but it should at least contain the letter X; I've added a paragraph about usinggrep
to get around this. -
goldilocks almost 10 yearsMaybe that was my bad. It seems an odd way to put it to me, but I'll defer to the Arch docs. I use
startx
as well; on my system hands off toxinit
, and only the later persists in the process table. The parent process of the X server isxinit
, so for you it should bestartx
. You find this via the PPID given byps -f
once you know the name of the X server process. Take that PPID number andps -p
+ the PPID should give youstartx
. If none of these things has UID 0, it is "running rootless". -
lord.garbage almost 10 yearsNice. I have both processes persisting,
startx
andxinit
. I check them withps -fC startx
andps -fC xinit
. Both have aUID ≠ 0
. One important sidenote: I was only able to findstartx
andxinit
feedinggrep
a lowercasex
. You think it advisable to include this in your answer? -
goldilocks almost 10 yearsHmmm -- I've added another paragraph about this. Neither
xinit
norstartx
is actually the X server, which is a bit of an issue. I've asked about this in chat: chat.stackexchange.com/rooms/26/unix-and-linux What output do you get forwhich X
orwhich Xorg
? -
lord.garbage almost 10 yearsInput:
which X
. Output:/usr/bin/X
. Input:which Xorg
. Output:/usr/bin/Xorg
. I get output forps -fC Xorg.bin
. It's path is/usr/bin/Xorg.bin
. It'sUID
is also different from0
. -
goldilocks almost 10 yearsOkay, that's almost certainly the server then, which doesn't have UID
root
. Strange thegrep
did not work -- obviouslyps -fA | grep X
would work, I avoided that one because it will include a lot of other clutter. -
goldilocks almost 10 yearsI would guess the reason for the separate
Xorg.bin
is to have one without the setuid bit set, so that it will run non-root. -
lord.garbage almost 10 yearsExcellent. Problem solved. Thanks for your patience and effort! I will read up on how this exactly works!