I would say that simply means that either there is something wrong with your workflow (and that would be difficult to support, because indivdual workflow is such an individual thing), or that it simply means that running the desktop in a secure mode in that way is not compatible with your workflow (which is far more likely anyway). For that grand majority of users Wayland will not change or be in collision with their work flow. Where it is they (as you) are welcome to avoid Wayland. IT is not like it is being mandated as the SINGLE SELECTED ALL POWERFUL SOLUTION or anything. No one on the free desktop team is like that.

No, but it needs elogind and/or seatd, which do.
Wayland gets called more secure because it pushes off alot of what the Xserver used to do into the laps of the compositors, seatd, and other components. When you take all that together in a usable system, it's comparable to the Xserver. You can run a session with Wayland as root, to clear that up since I sense someone might not have been clear on that above. Thinking I had a permissions problem for a tablet and wanting to debug to that end, I tried running labwc under root a few days ago and it worked.

But, I'm giving it a fair shake. I'd be willing to switch if the kinks and bugs were worked out. A couple of compositors of different weights might be a good idea for Slackware. I noticed I don't have the screen tear that I had with Xorg. Xwayland has problems with applications that use/need keyboard/mouse grab. Applications lose their menus (web browser 'add bookmark' menu), and others need to be forced into x11 mode through environment variables (MOZ_ENABLE_WAYLAND=0 and SDL_VIDEODRIVER="x11" for example) else they get "lost" under Xwayland. Others have windows that don't move/resize properly. The bell (\a) won't sound anymore and my tablet still doesn't work.

Sorry for the misunderstanding I didn't mean root as in root the user or super user, I meant it in the old X11 term of root window, widgets, etc.. .

If you have not heard the TechOverTea guy (Brody Robertson), he's fairly well informed, and gives a good context for various Linux type issues. Here's a long form discussion with another guy talking about direct experiences and comparisons between X.org wm/de and Wayland compositors.

https://www.youtube.com/watch?v=pDFcwvJKH5Y [full 2 hour long form interview/discussion]

These are some shorts taken from that long form interview
https://www.youtube.com/watch?v=F9ty1_1_ksE [8 minutes: coverying Hyprland]
https://www.youtube.com/watch?v=A_XOVoMER9M [12 minutes: writing on wall for X.org]

I think this discussion gives a good, up to date overview of where things are at. It's quite noteworthy that problem areas are getting resolved now, in almost real time, showing just how recent usable wayland compositors actually are.

I started listening to Brody's stuff fairly recently, and realized he tends to do very good, long form interviews on his TechOverTea channel, and regular longer form linux/foss focused stuff on his main channel.
https://www.youtube.com/@BrodieRobertson

https://www.youtube.com/watch?v=-XzBuFqIK0U [Completely Non Controversial Wayland Protocol]

These are basically podcast format so easy to listen to when you are doing something else. Not the worst way to spend time on areas maybe we aren't fully up on.

1 members found this post helpful.

Apart from popularity or subjective individual workflow preferences, I see 20+ years using Slackware without a single compromise and that includes administrating web facing servers and networks as well as my home desktop systems, as pretty decent evidence that my environments are sufficiently secure.

On the flip, it is likely true that the takeovers from systemd and pulseaudio, all freedesktop.org software iirc, may have me a tad paranoid. I am cool with Wayland making choices I can't afford or abide as long as Xorg is both still available as an option and doesn't follow suit in killing options. Since even Slackware Current recently disallowed running Xorg as root, at least from the User interface (kdesu dolphin doesn't work, but logging in to KDE as root still does) is this a harbinger of a trend? I sincerely hope not.

I sincerely have no wish that anyone accepts a less secure Desktop just to accommodate my workflow, but until I can see how an unused option is compromising security, I will resist such limitations.

2 members found this post helpful.

It is something like a speed racing in the city. You can never be sure that you will survive, but you can be so lucky, for years.

1 members found this post helpful.

It's kind of a weird situation too. Because personally I don't like sudo, because in essence you give a user account some root capabilities, indirectly, and sudo is and could be vulnerable. Ofcourse, many things can still be done as the user, and then what needs to be done as root can be done as root, it makes sense. However, it's also a bit of a mess...
The same thing could be said about containers and User Namespace, which is a kind of much worse sudo, which actually grants the user root capabilities, to be able to do alot of root stuff, as user. Ofcourse this mechanism have safeguards (like sudo does too), but the cat is out of the bag basically, because the user have been granted root capabilities (which it shouldn't have, directly or indirectly). Don't do it at root, rather give the user root capabilities seems to be the thought with that, and I don't personally like that. (pwnkit comes to mind?)

I don't think many things need to be done as root as all, most things can be done as user. So, if you need to do something as root, it's not really so bad to do it as root.

The whole design is not really optimal in any case, and is partly the reason for some messes that have some messy solutions. Perhaps it has more to do with the fundamental aspects of operating system designs. But on the other side, it is also a necessity, with no easy solution.

Well, since Xorg is root capable, it really stands or falls on it's own security implementations, and so does your whole computer environment if you use Xorg. I like Xorg and Xorg design, and I generally trust that it is secure, but this is a big issue, one which Wayland solved.

Well, this is quite important in the GNU/Linux world. Do one thing and do it well.. You fence things off and let some program use a capability that another one controls.. But that other program is not really exposed, a compartmental approach.

Ofcourse, this could become an issue in itself.. Just look at polkit and pwnkit story.

This reminds me of the rules of evidence standards (as used in Science, not Law, but they are similar), in that direct physical evidence and direct statistical evidence is always far more valid and trustworthy than anecdotal evidence. Anecdotal evidence can be absolutely true and trustworthy, and still only have a 50% chance of applying to any other case or instance. (And it is not always true!)

I have no problem with someone running their server as root all the time, unless I depend upon that service and its security. That is their call. IF it works best for them, that is fine with me. I will not, but they can. I tried Slackware, and while I liked it I ended up using everything else more. (Partly because no company I worked for or with would or could support a distribution without a certain standard of contracted corporate support and insurance. Business) There are security and operational standards for things that your business or life might depend on (some of which actually make sense), and running everything from root tends to violate those all over the place.

A maintainer of a distribution, deciding on the defaults for that distribution, is not considering the case of the one guy who has a workflow that might make them a great target for cyber criminals! The maintainer is trying to set defaults that will help PREVENT the average user from being a good and obvious target for attack. Restricting root access and running things with less privilege follows the Unix/Linux security model and leverages protections already active within the Linux Kernel and GNU systems. Operating with a separation between the GUI root window and display window operations provides a different kind of protection, that is less a protection against attack than a protection against software misbehavior and corruption of the display environment. You can run without that separation, and we do and have for a long time: but that does not mean it is smart or the ONLY way it should be done. I would prefer to work in ways most maintainers agree is reasonably secure and dependable, and when I want it a different way I have the skills to change it. (And If I had not the skills I would not want to change it without some self-education time to understand what to change, and why I might want to NOT!)

I like Wayland, and the performance I get from Plasma on Wayland using the latest versions. But then, I really like X.Org as well. And I liked XWindows! I run a lot from the command line, but GUI toys can be fun and productive.

At the end of the day we all run our own systems and can make them run as we please. (Or we get paid for running other peoples systems and must run them as THEY please.) Developers and maintainers set certain defaults and standards that they believe make the best sense, and any of us can take and modify those as we please for our own personal benefit. IF we need to make DEEP changes, we can always download the source and make our own spin with the changes we want. (FOSS RULES!)

Many of the main distributions have gone to SystemD complexity for, as far as I can tell, not other reason than that a Microsoft trained guy sold the RH team a bill of goods. I run them anyway, but I also regularly test run distributions that avoid SystemD and use runit, SysV Init, or another init system. The point is, we have that choice of porting something that requires SystemD to make it run properly on a non-systemd base. It is not even that hard, most of the time. It is up to us. IT has ALWAYS been up to us! If we dislike the way something works, we can make a version that works the way we want and share that out so that anyone else with the same need or desire can get the benefit as well. That is how this whole FOSS universe was created!

You could even make a slack-baby that requires EVERYTHING to run as root! I doubt your audience would even be even in double digits, but I might give it a spin. Not for production or anything critical, but just for fun. Because, the risk....

Re: Running X as root

I beg to differ. Racing on narrow, congested streets is a guaranteed high risk open for numerous instances of Chance and Happenstance, not to mention law enforcement, but running X as root with networking disabled poses no serious risk for such an isolated PC. Furthermore I have yet to see how having that option places anyone who doesn't use it at risk. QED - no risk.

If I am possibly mistaken about any risk I am taking, if you find my workflow alien and irresponsible, why should you care if it in no way affects you? If you can show me objective evidence that this compromises anyone, in actual security rather than in sensibilities, preferences and habit, I will adjust.

1 members found this post helpful.

Running X with network disabled is a bit like driving in your own garage. Low risk, but low utility as well.

It seems to me that people are trying to sell Wayland and Systemd as miracle systems.

The question that everybody wants to hear. Why did they create a new implementation from scratch and not help with the development and improvements of X11? No, they won't trap us with old habits coming from Windows.

Keep your idea, we keep our freedom of choice. I will always trust slackware and how things are done. This is coming from a layman who doesn't understand programming, but who understands that some solutions they want to present in the Linux world are simply unnecessary. My point of view. The choice will always be mine, not anyone else's.

2 members found this post helpful.

Did you not read their traffic? The Free Desktop team that maintains X11 (X.Org and Wayland) is a shrinking team, and they have not the resources to continue development on X.Org due to the complexity and (often brilliant) Kludges in the old code. X.Org is still maintained but "feature frozen" will they dedicate their time and efforts to creating Wayland, which will be a more simple, organized, clean codebase that they should be able to maintain and develop on into the future. If someone wants to pull X.Org code and maintain and develop on that the community is welcome, but they asked for anyone to take that on for almost a YEAR with no takers!

It is not that they are "trying to sell" anything, it is that they are doing the best they can and stretching limited resources to the best effect. If anyone wants to put together the people, machines, and money to help that would be wonderful!
(As long as it is not Microsoft! We all know where THAT leads! )

1 members found this post helpful.

True, which is why I only very rarely actually login to X as root. Instead most commonly I just want to run a file manager as root, in my case Dolphin, for a few minutes for quick edits of protected config files. Since I keep track of logins with a script in my ever present conky I will see any compromise rather quickly and the likelihood in just a few minutes is exceedingly slim, even if I forget to disable networking.

Bottom Line though - If that limited utility for me using X this way is OK for me, how is it not OK for anyone else? Why specifically disallow root access? Granted it might be a bit better if while running Dolphin as User and seeking to edit a protected file a login screen would pop up for permission, but frankly I don't see much difference between that and allowing su or sudo in a terminal within X or Wayland. So what's the big deal?