XFS is the X font server and is typically used by the X windowing
system to render fonts.

1. Configuration

    The configuration for xfs is typically located in /etc/X11/fs/config.
    The man page for xfs says that the default location for the "config"
    file is /usr/X11R6/lib/X11/fs, but this is a symlink to /etc/X11/fs

2. Startup

    XFS is started via the init.d script /etc/init.d/xfs. This script
    locates the fontpath entries (using chkfontpath --list) and recaches
    fonts.* files (via fc-cache)

3. Font files

    Font files (truetype, Type1, etc) are contained within directories
    which must have the fonts.* files created within them. These
    directories must appear in the xfs config catalogue entry for them
    to be located by the font server. The fonts.* files can be re-created
    manually by running fc-cache in each font directory, however this
    will happen automagically when the init.d script for xfs is started.

4. Security

    A. Running xfs with the "droppriv" option

        Since xfs 6.8.x certain security precautions have been added to
        try and avoid unknown buffer overrun exploits. Specifically, 
        the "-droppriv" is implemented to ensure that the xfs instance
        is run as user "xfs". For this to work, there must be a user
        called "xfs", otherwise the xfs instance won't start and there
        won't be a font server for X, which will manifest as X failing
        to start with obscure messages like "can't locate "fixed" font"

        The xfs init.d script (/etc/init.d/xfs) now attempts to star
        xfs with the -droppriv option, which as caused some problems
        with FC4. One workaround for this is to simply remove this
        from the startup script. E.g., the xfs init.d script in rpm
        xorg-x11-xfs-6.8.2-37.FC4.49.2 has line 74 as:

           daemon xfs -droppriv -daemon

        Simply changing this to:

           daemon xfs -daemon

        Will provide a workaround at some expense in security.