pin uxer It offers some important security benefits over the traditional startx(1) command.
Which?
"Which" is exactly my question. The quote is from FAQ
rvp nia You can switch VTs and ctrl+C the startx process to get a shell when the screen is locked
Option "DontVTSwitch" can help with that, but, in a kiosk-like setup, a user could get a shell just by exiting the main app.
exec startx is a generally recommended way to startx; when I run something in a tty via exec and then ^c, I get logged out, so I get no shell access. Have I missed something?
https://wiki.parabola.nu/Start_X_at_Boot :
There is a significant security difference when using plain startx instead of a login manager. Thus you run startx from your shell you are always able to switch from X (usually on tt7) back to tty1 (Ctrl+Alt+F1) and gain control over the user shell even when the screen is locked (e.g., via XScreenSaver, i3lock, etc.). A solution: replace exec startx with exec nohup startx > .xlog & vlock. This will start X, redirect the print out to ~/.xlog and lock the shell. Of course you need to install vlock first.
This I don't completely understand. How does one "gain control over the user shell" if while X is running, the shell is busy, and when X quits, the shell quits as well?
Why need a tty locker?
There also is sx, "a simple alternative to both xinit(1) and startx(1)", so I would extend the original question to:
xenodm vs startx vs sx
And, by now, only 1 concern has been expressed - shell access is potentially gainable, unless you wrap startx with exec (and maybe others like nohup and add a tty locker), but the FAQ says "benefits", in plural, so what are other benefits?
