Re: The best recommendation for allowing "su" in X
Hi, Marcelo, thanks for your comment. I did not explain myself well.
On Mon, Jul 08, 2002 at 02:19:04AM -0500, Marcelo E. Magallon wrote:
> >> Osamu Aoki <debian@aokiconsulting.com> writes:
>
> > What recommendation should I give to the reader for "su" in X?
> uhm... typing "su" perhaps?
Of course.
I should have said as follows to make my point clear.
If I want to do the equivalent of the following command sequence in xterm:
$ export XAUTHORITY=~/.Xauthority
$ su -c "GUI-command-which-needs-to-be-root"
How can I do this without typing the first line? Where is the best
place to set this environment variable XAUTHORITY?
Many system configuration newbie GUI commands need this environment.
> > 1) .profile or .bash_profile : If gnome-session is used, they do the
> > job. Maybe reasonable recommendation these days. But in non-gnome
> > environment, they do not work. (Because bash is not login shell)
>
> What, pray, has GNOME to do with this?
Nothing. My mistake. Thanks. I was wondering why. When I checked it,
it seemed to be this way. Wait a minutes. I guess I set environment
first in xterm and closed X session. Then restarted X and used the same
console. Sh--t. Anyway, this is out :)
> > 2) .xinitrc : only works for startx. (I use this)
>
> Uhm... what do you mean? I don't feel like unpacking the Debian
> xfree86 sources right now, but IIRC the X wrapper fiddles around with
> XAUTHORITY, so it shouldn't matter if you use .xinitrc, .xsesssion or
> nothing at all.
Here is .xinitrc for this.
#!/bin/sh
# This makes X work when I su to root.
if [ -z "$XAUTHORITY" ]; then
XAUTHORITY=$HOME/.Xauthority
export XAUTHORITY
fi
# invoke global X session script
. /etc/X11/Xsession
This set environment right. /etc/X11/xinit/xinitrc in Debian xfree86
just sources /etc/X11/Xsession.
> > 4) .xsession : Creating custom .xsession kills Debian's nice
> > configuration scheme. (Way to complicated)
If I do the following, I can get X started.
#!/bin/sh
# This makes X work when I su to root.
if [ -z "$XAUTHORITY" ]; then
XAUTHORITY=$HOME/.Xauthority
export XAUTHORITY
fi
#exec xterm
#exec x-window-manager
exec x-session-manager
But you loose access to the fine auto select feature between xterm,
x-window-manager, and x-session-manager which current Debian X comes
with. ssh-agent script is gone this way too. You can add them by hand but
that is not a situation I want to recommend.
> I don't understand. I *have* a .xsession and it works just fine.
Of course, you set up this file right. I had a working .xsession too :)
> > 5) Add /etc/X11/Xsession.d/10xfree86-common_su (see below) :
> > I ended up creating this file. This is a bit too much intrusive
> > action for novice users and may not be good to put in HOWTO-type
> > document.
>
> Not necessary AFAICS.
If I add /etc/X11/Xsession.d/10xfree86-common_su with:
# This makes X work when I su to root.
if [ -z "$XAUTHORITY" ]; then
XAUTHORITY=$HOME/.Xauthority
export XAUTHORITY
fi
any X session started by either startx or xdm, will have XAUTHORITY set
as environment as long as user do not override it by creating .xsession
for that account. This does not depend on shell. Except for deficiency
of "su" discussed in the other thread, "su" or "sudo" gives nice access
to screen for the GUI program run as root with XAUTHORITY set right.
After several comments, I know there are alternatives such as "symlink"
from root. Also specialized programs and scripts such as "sux",
"kdesu", "xsu", "gksu", "gksudo" or "gnome-sudo" ... which address
details.
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
Osamu Aoki @ Cupertino CA USA
See "Debian reference": http://www.debian.org/doc/manuals/debian-reference/
"Debian reference" Project at: http://qref.sf.net
I welcome your constructive criticisms and corrections.
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: