Startx as a regular user

Hey guys,

I’m trying to start X server as a regular user. I’ve created a snap command and I execute into it as my current user in the device (a Rpi3, btw), but I cannot since I hit this problem:

EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)

Seems that regular user needs to belong to tty group in order to gain access to /dev/tty0. But that group is not into /var/lib/extrausers, so I’m not sure if it is possible make current user belong to that group. If I launch the command as root that works perfectly, but I would like to skip using root. Is there any other way I can solve this?

You can see all startx startup traces at:

X.Org X Server 1.18.4
Release Date: 2016-07-19
X Protocol Version 11, Revision 0
Build Operating System: Linux 4.4.0-45-generic armv7l Ubuntu
Current Operating System: Linux sieglinde 4.4.0-1030-raspi2 #37-Ubuntu SMP Thu Oct 20 15:06:25 UTC 2016 armv7l
Kernel command line: 8250.nr_uarts=1 dma.dmachans=0x7f35 bcm2708_fb.fbwidth=1824 bcm2708_fb.fbheight=984 bcm2709.boardrev=0xa02082 bcm2709.serial=0x13133fe5 smsc95xx.macaddr=B8:27:EB:13:3F:E5 bcm2708_fb.fbswap=1 bcm2709.uart_clock=48000000 vc_mem.mem_base=0x3dc00000 vc_mem.mem_size=0x3f000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 console=tty0 elevator=deadline root=/dev/disk/by-label/writable net.ifnames=0 init=/lib/systemd/systemd ro panic=-1 fixrtc snap_core=core_1690.snap snap_kernel=pi2-kernel_22.snap
Build Date: 02 November 2016 10:05:15PM
xorg-server 2:1.18.4-0ubuntu0.2 (For technical support please see
Current version of pixman: 0.33.6
Before reporting problems, check
to make sure that you have the latest version.
Markers: (–) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: “/home/rmescandon/snap/thesnap/x6/.local/share/xorg/Xorg.1.log”, Time: Tue May 2 15:17:25 2017
(==) Using system config directory “/usr/share/X11/xorg.conf.d”
Fatal server error:
(EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
Please consult the The X.Org Foundation support
for help.
(EE) Please also check the log file at “/home/rmescandon/snap/thesnap/x6/.local/share/xorg/Xorg.1.log” for additional information.
(EE) Server terminated with error (1). Closing log file.
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error
Couldn’t get a file descriptor referring to the console
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error
Couldn’t get a file descriptor referring to the console



note that even if you manage to somehow start an Xorg session on an UbuntuCore install through hackery, your snaps will (and wont) be able to talk to the display.
this would require that the x11 snap interface is available in “snap interfaces” and that your snap would connect to it … since the x11 protocol is insecure and allows snaps to break out of confinement we will not add it to the UbuntuCore images.

to run graphical kiosk applications on a core IoT system you can use the mir-kiosk snap and have your app talk to it via the provided interface (i assume there will also be a wayland-kiosk snap at some point to allow standalone fullscreen apps to run on wayland)

Xorg is definitely nothing we plan to support on UbuntuCore.

documentation for mir-kiosk can be found at

In this particular case everything is in a single snap, the X11 server and the application which talks to it.

X11 is the way to go in this case, trust me.

Why are you trying at all to run X11 as a different user than root?

1 Like

@ogra is right about the x11 interface needing the ‘slot’ side to allow other snaps to talk to X. Furthermore, even if the access to /dev/tty0 was worked through, you would find that X requires a lot of other access to the system in order to run, and the current interfaces don’t allow that (the slot side of x11 would necessarily have to). It is possible for someone to implement the security policy for the slot side of the current x11 interface. I suspect that we would require manual connections in that case due to the problems with X security.

But to answer your question very specifically, /dev/tty0 is the current virtual console ( There are currently no interfaces that allow using /dev/tty0 (though one is in progress) so only a devmode snap could be used for this. The permissions on the device do not allow non-root to access this device:

$ getfacl /dev/tty0
getfacl: Removing leading '/' from absolute path names
# file: dev/tty0
# owner: root
# group: tty

There is currently no mechanism in snappy to change the permissions and there are limitations with nss-extrausers in that you can’t mix system user/groups (those in /etc/passwd and /etc/group) with extrausers (/var/lib/extrausers/passwd and /var/lib/extrausers/group). Snappy and users and groups (obsolete) use case ‘2’ would need to be implemented to allow access for non-root to /dev/tty0.

1 Like

First of all. Thanks to everybody for your quick and detailed answers. I think I got enough info in all your replies.
@Simon, Imagine that I can’t confine the snap for any reason and besides it is enough having it working in devmode. In that case, root is having more access to the system than a regular user. That’s why I was trying to start it avoiding root.

What alternative to Xorg should we expect in the future?
Mark Shuttleworth on Ubuntu Insights said that smartphone projects are abandoned, so are Unity8 and as a result Mir.
So basically Mir is a dead body, isn’t it?
The only alternative here is Wayland?

the mir-kiosk snap (and the mir-kiosk-apps demo snap) will stay maintained (there are customers using this AFAIK). i can imagine that we will eventually have a snap that provides a wayland like setup too, though as i understand the architecture here is different and you need actually a compositor to achieve the same with wayland.

so it wouldnt actually be a wayland-kiosk snap but rather a “$compositor-kiosk” snap using the wayland protocol. mir simply brings along a little more here out of the box …

@ogra Where is this mir-kiosk snap? I am trying to run a browser in my raspberry pi to have a kind of kiosk so this is exactly what I need, but
$ snap find mir-kiosk The search "mir-kiosk" returned 0 snaps

And this page returns a 404

Thanks for any pointers

snap find only searches the stable channel, apparently there was no stable release of the mir-kiosk, mir-libs and mir-kiosk-apps packages yet… but snap info is giving some detail here:

ogra@bbb:~$ snap info mir-kiosk
name:      mir-kiosk
summary:   "A minimal Mir based shell for kiosk type applications"
publisher: canonical
description: |
  A minimal Mir based shell for kiosk type applications
snap-id:     rW4inp7UbJb1YBxWr6SVebxa3Yv7K1Vm
  stable:    –               
  candidate: –               
  beta:      0.1   (28) 19MB -
  edge:      1.2.0 (33) 17MB -
ogra@bbb:~$ snap info mir-libs
name:      mir-libs
summary:   "A content snap serving mir related libraries"
publisher: canonical
description: |
  A content snap serving mir server and client libraries.
snap-id:     hfOyKSNBdLxwln6nUA6KnhqlY1bGIEhX
  stable:    –                
  candidate: –                
  beta:      0.1    (22) 19MB -
  edge:      0.26.1 (28) 18MB -
ogra@bbb:~$ snap info mir-kiosk-apps
name:      mir-kiosk-apps
summary:   "Example apps to run with mir-kiosk"
publisher: canonical
description: |
  Example apps to run with mir-kiosk
snap-id:     bMa7Nm8zOXlEoEg8OLUIoxgqihAMc9sT
  stable:    –             
  candidate: –             
  beta:      –             
  edge:      0.1 (16) 64MB -

so you can install them like:

snap install mir-libs --edge …

seems that the docs are gone is a mistake and will be corrected soon.

1 Like

thank you @ogra

is that currently the official/recommended way to run a web browser in ubuntu core? there’s no stable and standalone firefox or chromium snap?

i think the only one that can be used with mir-kiosk is the webbrowser-app snap, perhaps @oSoMoN knows more (not sure if he still works on this)

webbrowser-app is not being developed any longer.

I am however working on a chromium-browser snap. This is not considered stable yet (actually not even published in the store yet), but if you feel adventurous you can grab a snap from there and let me know how well it works for you.

looks like this uses the x11 and unity7 plugs though … for an install on UbuntuCore it will need to use the mir plug since we do not have x11 or unity7 on there.

1 Like

Right. Sorry I replied without reading context first. I’m focusing on X11 desktops for now.

So if webbrowser-app is not available and the new ones from @oSoMoN are for X, which is not available, what can I do? Am I screwed?
Could I try to package Firefox myself? It looks like no given the deeper problem is having a display server. Wayland is not available, mir is not available, X is not feasible.

Can I at least create some kind of hybrid system to install deb packages? It’s a pitty though. I chose Ubuntu Core because the idea of running a sandboxed browser for a kiosk makes a lot of sense to me

well, perhaps what @morphis said above (using a --devmode snap that bundles X11) might be the way to go atm …

I know that @oSoMoN’s work will result in a Gtk3 based chromium build that should theoretically also run on Mir then. perhaps simply waiting would be the solution.

Ok, I thought that bundling x11 was not possible at all as per your comment about Ubuntu core but if that works (even if with -devmode) then that’s OK. It will buy me time until something more secure comes out

Thank you for your help :slight_smile:

I’m sorry for the silly question. I want to try your snap but I have no idea how to put it in ubuntu core. there’s no wget or curl, no sftp or snap version of either of them. How do I push files to an ubuntu core installation?

scp is there.
Or rsync from your desktop.
Or Midnight Commander is great (mc), can connect your desktop to Ubuntu Core device using ssh protocol in a two-panel view. You can navigate inside your device and copy/move files as if it was on your desktop.

1 Like

Indeed. Although I’m not working on it myself, I know that there is ongoing work to make chromium work with Mir, so as soon as that’s working I’ll make sure the snap gets it.