[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Simple little basic config questions

On Thu, Oct 30, 2003 at 06:30:14AM -0500, Haines Brown wrote:
> Colin Watson wrote:
> > No, I think if you had actually started X as root then you certainly
> > would have an appropriate $DISPLAY. The issue is not really rootness,
> > it's that $DISPLAY is set in the environment of the X session which is
> > run as the user who started X, and .Xauthority is in the home directory
> > of the user who started X, and it's quite easy to lose all that when
> > changing users. 'sux' is not a workaround, it's a valid solution.
> 
> I notice that .Xauthority in /root has zero size. If it is going to
> authenticate root for the x server, I should think there would be
> something in it.

root did not start X, and so it isn't authenticated. I'm not actually
sure what creates the zero-length .Xauthority file: I've got an empty
/root/.Xauthority too. I'd imagine, though, that 'sux' will fill it in
using 'xauth merge'.

> When you say "changing users," do you refer to logging in as user and
> then running "su - root"?

Yes.

> I assume virtually everyone does this regularly and successfully, and
> so I assume my inability to do it is a sign that I need to do a fix.

See my other message just a moment ago, please. 'su - root' is just
wrong if you expect to run X programs; it deliberately loses $DISPLAY,
and doesn't properly handle X cookies. Perhaps other systems have
special hacks to make it work (it wouldn't surprise me if they did), but
in general it doesn't work on Unix systems, and doesn't work on Debian.

However, 'su - root' is fine if you're just doing regular command-line
administration. (I'd use 'sudo' because I prefer to run commands only
one at a time as root rather than starting an interactive root shell,
but to each their own.)

> For years I didn't "loose all that", but could "su - root" as I
> needed. I still don't know whether my system's busted or if it is me
> ;-) That is, is "loosing all that" a natural occurance or a flaw in my
> setup? 

It is a natural occurrence.

> I presume every debian user who is both user and administrator of his
> machine (probably the majority) will occasionally want to su to become
> root (I assume everyone does that regularly). Certainly they all don't
> have Sux installed.  

I become root occasionally, but I almost never run X programs as root,
so no, this isn't an issue for me. I assume (and sincerely hope) that
this is the common case.

> I appreciate that one does not want to run as root, but I do it when
> installing a new system or retreat to it when user's account ceases to
> function. 

Using the root account for administration is fine, but I only ever use
command-line tools for administration. The X libraries are huge and have
had at least their fair share of security holes; I think privileged use
of them is unwise.

(It's still possible to write graphical administration tools that run
the graphical parts as an ordinary user and spawn small helper programs
to make changes that require root privileges, and if I were writing such
tools that's definitely the way I'd do it.)

Anyway, this is all normal. Your Debian installation is fine.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: