[arch-general] [wiki] Using File Capabilities Instead Of Setuid
Hi people,

I created an interesting article wiki page for the new libcap 2 (from Hugo Doria) package that is in [testing] now. It covers all [core] packages that have setuid-root (all work fine), and the xorg-server(*) from [extra].

I invite all those who want to work with other packages that use setuid in [extra] and [community].

(*) Preliminary ideas/tips for Xorg that are not currently in the wiki page:

For example, if you have an nvidia card and the kernel module isn't loaded when X starts, Xorg will load it and create the necessary dev files (/dev/nvidia0 and /dev/nvidiactl). So there are two ways to do this: load the kernel module before startx and create the device files manually, or assign two more capabilities to Xorg (not a good idea).

The minimum capabilities required:

setcap cap_chown,cap_dac_override,cap_sys_rawio,cap_sys_admin+ep /usr/bin/Xorg

If granted to load kernel modules and create device nodes (_bad idea_):

setcap cap_chown,cap_dac_override,cap_mknod,cap_sys_module,cap_sys_rawio,cap_sys_admin+ep /usr/bin/Xorg

* cap_sys_admin: Seems that running xorg under VirtualBox isn't needed.
* cap_chown is required for chowning the "devs tty" on X start/stop
* cap_sys_rawio is for accessing /dev/mem (this will become obsolete with KMS [Kernel Mode Setting])
* cap_dac_override is for writing the logs.

Take Care

--
Gerardo Exequiel Pozzi ( djgera )
http://www.djgera.com.ar
KeyID: 0x1B8C330D
Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
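An added audit helper, not part of the post or the wiki page: it parses setcap-style capability specs (`cap_a,cap_b+ep`) and flags the two capabilities the post calls a bad idea for Xorg (cap_sys_module, cap_mknod). The sample getcap output is constructed here and assumes the older `path = caps+flags` layout.

```sh
#!/bin/sh
# Added example: review file-capability sets after migrating from setuid.
# Capabilities the post advises against granting to Xorg (constructed policy).
RISKY_CAPS="cap_sys_module cap_mknod"

# cap_flags 'caps+flags' -> prints the flag letters, e.g. "ep".
cap_flags() {
    printf '%s\n' "$1" | sed 's/.*[+=]//'
}

# cap_list 'caps+flags' -> prints one capability name per line.
cap_list() {
    printf '%s\n' "$1" | sed 's/[+=].*//' | tr ',' '\n'
}

# risky_caps 'caps+flags' -> prints the risky capabilities found (space separated).
risky_caps() {
    found=""
    for cap in $(cap_list "$1"); do
        for r in $RISKY_CAPS; do
            if [ "$cap" = "$r" ]; then found="$found $cap"; fi
        done
    done
    printf '%s\n' "${found# }"
}

# Constructed sample in the old getcap layout "path = caps+flags" (not real output).
SAMPLE='/usr/bin/Xorg = cap_chown,cap_dac_override,cap_sys_rawio,cap_sys_admin+ep
/usr/bin/Xorg.broad = cap_chown,cap_dac_override,cap_mknod,cap_sys_module,cap_sys_rawio,cap_sys_admin+ep
/bin/ping = cap_net_raw+ep'

# audit_sample -> one verdict line per binary in SAMPLE.
audit_sample() {
    printf '%s\n' "$SAMPLE" | while read -r path eq spec; do
        bad=$(risky_caps "$spec")
        if [ -n "$bad" ]; then
            printf '%s: RISKY (%s)\n' "$path" "$bad"
        else
            printf '%s: ok\n' "$path"
        fi
    done
}

audit_sample
```

On a real system, feed `getcap -r /` output through the same loop instead of SAMPLE.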
Gerardo Exequiel Pozzi wrote:
Hi people,
I created an interesting article wiki page for the new libcap 2 (from Hugo Doria) package that is in [testing] now. It covers all [core] packages that have setuid-root (all work fine), and the xorg-server(*) from [extra].
Oops, I missed the URL :P http://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setui...

--
Gerardo Exequiel Pozzi ( djgera )
http://www.djgera.com.ar
KeyID: 0x1B8C330D
Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D