
Fedora Rawhide Can Now Run The X.Org Server Without Root Rights

  • #11
    Originally posted by omer666
    Awesome.
    Now having nVidia drivers with KMS support really becomes pressing. Even without Wayland, running X in user space is a real security progress.
    X always ran in user space. This step involves removing root rights and driver aperture.
    Last edited by rmiller; 16 June 2014, 05:43 PM.



    • #12
      Originally posted by Luke
      OK, that worked and I can now use HW acceleration in a user X session. Two bugs remain: the sound card is not found, and Nemo loses track of where desktop icons belong. I haven't tried moving those icons back to their normal positions yet, as a write of those changes might kill whatever file their positions are stored in when using lightdm, a common bug after things like recovering from a late mount of /home/. If I can fix the sound issue and get those icon positions remembered, I will seek a way to routinely run the X session as a normal user. Possibly an autologin on console and a script as a display manager? These are single-user machines with only one user account plus root, so the security issues of multi-user machines do not apply. Would be really funny if some online attacker tried to use a browser exploit to get the privileges X is running under, only to find those to be normal user privileges...
      if i remember correctly... same thing for sound. it has to be in pulse (or some other) group. just curious, are you running 2 sessions of same desktop and same user? that probably wouldn't be advised since you can move the floor of another (changing configurations and so on)

      also, if you plan doing that from script and locked user, then you can probably just invoke "su - youruser -c startx /usr/bin/whateveryourun"

      this is how i made myself 2nd sandboxed session for xbmc on my game machine



      • #13
        Already in Audio group, still no sound

        Originally posted by justmy2cents
        if i remember correctly... same thing for sound. it has to be in pulse (or some other) group. just curious, are you running 2 sessions of same desktop and same user? that probably wouldn't be advised since you can move the floor of another (changing configurations and so on)

        also, if you plan doing that from script and locked user, then you can probably just invoke "su - youruser -c startx /usr/bin/whateveryourun"

        this is how i made myself 2nd sandboxed session for xbmc on my game machine
        One session at a time only, also not using pulseaudio for performance reasons, hardware mixer available. Using systemd, maybe logind could be used for an autologin on tty7 with my Cinnamon session then opening there? The sound issue is that the sound card is not found at all, audio group or not. Also there are network management issues affecting only making new connections, something that came up today while setting up a machine for someone with a buggy graphics card and lightdm giving a black screen. X would come up manually from the console, but I had to get a lightdm session to work in order to hook to their network over wifi. Even startx as root didn't allow connection, only a lightdm initiated session permitted new connections, which once made always work no matter how X is started.



        • #14
          Originally posted by Luke
          One session at a time only, also not using pulseaudio for performance reasons, hardware mixer available. Using systemd, maybe logind could be used for an autologin on tty7 with my Cinnamon session then opening there? The sound issue is that the sound card is not found at all, audio group or not. Also there are network management issues affecting only making new connections, something that came up today while setting up a machine for someone with a buggy graphics card and lightdm giving a black screen. X would come up manually from the console, but I had to get a lightdm session to work in order to hook to their network over wifi. Even startx as root didn't allow connection, only a lightdm initiated session permitted new connections, which once made always work no matter how X is started.
          seriously, i only saw strange things like that on faulty hw or completely fscked up system.

          still, you could check soundcard presence in hardware through udev, then checking device permissions. sometimes if you don't see hw...



          • #15
            Originally posted by rmiller
            X always ran in user space. This step involves removing root rights and driver aperture.
            Oops sorry I mixed up, you're right.



            • #16
              My guess is a file somewhere with no read permissions for non-root user

              Originally posted by justmy2cents
              seriously, i only saw strange things like that on faulty hw or completely fscked up system.

              still, you could check soundcard presence in hardware through udev, then checking device permissions. sometimes if you don't see hw...
              My guess is a file or files somewhere with no read permissions for non-root users, don't have any more time to screw with this today but will probably get back to it, simply because firing up a user X session from a regular user console login has become my main recovery system for lightdm problems. I get those a lot when trying to smooth out the buggy older version of Plymouth in Debian/Ubuntu that does not like systemd and dracut as much as the newer version 0.9 that finally got packaged up. I expect to try that one today.

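The check suggested in #14 and #16 (is the device present, and can a non-root user open it), as an added example that is not part of any post in this thread. The function name `inaccessible_nodes` and the default directory list are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: list device nodes the invoking user cannot open read-write.
# Run it as the user who starts X; root passes every access test.

# inaccessible_nodes DIR...   (function name is hypothetical)
# Prints "MISSING <dir>" when a directory does not exist (hardware or driver
# not present) and "DENIED <node> <mode> <owner> <group>" for each entry the
# user cannot open. The shell's -r/-w tests ask the kernel, so both group
# membership and ACLs are taken into account.
inaccessible_nodes() {
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            continue
        fi
        for node in "$dir"/*; do
            [ -e "$node" ] || continue   # empty directory: glob matched nothing
            [ -d "$node" ] && continue   # skip subdirectories such as by-path
            if [ ! -r "$node" ] || [ ! -w "$node" ]; then
                echo "DENIED $node $(ls -ld "$node" | awk '{print $1, $3, $4}')"
            fi
        done
    done
    return 0
}

# Default directories are an assumption: the usual Linux locations of sound,
# DRM/KMS and input device nodes.
[ "$#" -gt 0 ] || set -- /dev/snd /dev/dri /dev/input
echo "user=$(id -un) groups=$(id -Gn)"
inaccessible_nodes "$@"
```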
