On Tue, 22 Jan 2002, Swanson, Bryan wrote: > this may seem obvious, but is /usr/X11R6/bin/XFree86 > setuid root? It does not need to be, unless you really want to give all users (including users from network) the right to start X servers on your console. However, RH changed the way pam_console saves who has the console ownership. It is now two files /var/run/console.lock and /var/run/console/<username>. I dont know why, but this is probably documented in the sources, implicitly if not explicitly :). The way pam_console saves console ownership should not matter as long as you are just using pam_console and trust it to do its thing. If pam_console is not needed, removing it from /etc/pam.d/xserver (and using some other pam_modules perhaps?) should be quite sufficient. /usr/bin/X11/X should be a symlink to /usr/bin/X11/Xwrapper. Xwrapper checks (using PAM) the the user has console ownership before it allows X to be started. So remote users cannot start X. AFAIK, is works just as it is intended to work. I missed the start of the thread, so i don't know what was the problem.. - Jani
