Non root Xorg

This guide provides instructions on running an X server with standard user account (non-root) permissions.

This has been successfully tested using Nouveau and Intel drivers. Note: configurations using Intel modesetting drivers provided via Mesa (e.g. for the  chipset), may not operate properly.

Additional prerequisites
Some of this support is relatively recent, and it may be necessary to install unstable packages. If it fails to work with stable, keywording certain packages may be necessary.

Rebuilding Xorg
Disable  USE flag and rebuild Xorg:

Making necessary changes to system
X can now be run as a regular user. However, because no login manager is currently capable of the necessary permission handling, some workarounds are needed. In particular, an X server run by a user needs to be able to access files, and it needs to be started directly as that user. Additionally, as with direct rendering, the unprivileged user also needs access to the video hardware, typically achieved by adding them to the group (though certain login managers, such as ConsoleKit or systemd-logind, may handle this for you).

To access files it's easiest to add them to group and allow user to access them.

Create udev rule to change group on boot:

Reload udev rules to get the new permissions:

And finally, add your user to the necessary groups:

Log out and log back in (for the permissions changes to take effect), and then start X by running:

If logged in on  use  ; on   use , and so on.

X should now be running as an unprivileged user.

Security concerns
Running X as a normal user is generally a positive step for security, with the exception of multiuser or, especially, multiseat systems. With the direct access to input devices by the user, it becomes trivially possible to snoop on the input of another active user or run a background job to snoop on the input of a future user of the system. For such systems, it's likely better to choose a solution other than running X as the logged-in user (such as using setuid with a dedicated, unprivileged user or using setgid for the group).
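
A check for the exposure described above, as an added example that is not part of the original guide: it reports which accounts can read the input device nodes, either because a node is world-readable or through membership of the node's owning group. The function names are hypothetical, and the device directory and group file are passed as arguments rather than taken from this page.

```shell
#!/bin/sh
# Added example (not from the original page): report which accounts can read
# input device nodes, the exposure described under "Security concerns".
# Usage: sh audit_input.sh DEV_DIR [GROUP_FILE]
#   DEV_DIR    directory holding the input device nodes (assumed argument)
#   GROUP_FILE group(5) database, default /etc/group

# Print the supplementary members of group $1 as listed in group file $2.
# Accounts whose *primary* group is $1 are not listed in that file.
members_of() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# One finding per line:
#   WORLD <node>                 every local account can read the node
#   GROUP <node> <group> <user>  <user> can read the node through <group>
audit_input_access() {
    dir=$1
    gfile=${2:-/etc/group}
    # Skip directories and symlinks (alias links to the real nodes).
    find "$dir" ! -type d ! -type l -exec stat -c '%a %G %n' {} + |
    while read -r mode group node; do
        bits=$((0$mode))                     # stat prints octal, e.g. 660
        if [ $((bits & 4)) -ne 0 ]; then     # o+r
            echo "WORLD $node"
        elif [ $((bits & 32)) -ne 0 ]; then  # g+r (octal 040)
            for user in $(members_of "$group" "$gfile"); do
                echo "GROUP $node $group $user"
            done
        fi
    done
}

if [ "$#" -gt 0 ]; then
    audit_input_access "$@"
fi
```

On a multiuser or multiseat system, any `WORLD` line, or `GROUP` lines naming more than one interactive account, means those users can read each other's input.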

Alternative method
This section details the "setgid" approach mentioned above.

The objective is to run X as an unprivileged user without adding a user to the group. This can prevent the user from accidentally or intentionally snooping on the input.

To achieve this goal we make use of setgid so that when a user starts X, the X server will be automatically granted permission to access input devices.

Change the ownership of :

Change the file permission of :

Now the user is not required to be in the group to run the X server. To remove the user from the group:

But the user still needs to be in the group:

Now start X as a regular user (see above) and the X server should function normally.