[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: *term -ls, a summary

Hi Manoj, 

I think I am thinking the same thing but can you confirm it for me.
(This thread all started with my question for best practice of X
configuration regarding su and environment.)

On Fri, Jul 19, 2002 at 12:47:44PM -0500, Manoj Srivastava wrote:
> >>"Manfred" == Manfred Wassmann <debian-devel@NCC-1701.B.Shuttle.de> writes:
>  Manfred> Of course you will use an interactive non-login-shell when
>  Manfred> you start a subshell inheriting all settings from the
>  Manfred> environment set up by the parent (login-)shell.
> 	My parent process is not necesarily the login shell, but the
>  window manager; and these xterms still should inherit things set in
>  ~/.xsession -- like ssh-ask-password env stuff, and other things done
>  once on logging in to a windowing environment (which is different
>  from things done once on logins, common to consoles and windowing
>  environments)

I think I do the similar staff as I wrote in "Message-ID:
<[🔎] 20020710015140.GA28587@aokiconsulting.com>".  I think this is a
reasonable approach to set up environment for X until PAM issues are

I summarized it as  (picking hints from the thread.  I do not like the
use of .bashrc but ...)


  9.4.7 Gain root in X

   If a GUI program needs to be run with root privileges, use the following
   procedures to do so on a user's X server. Never attempt to start an X
   server directly from the root account in order to prevent possible
   security risks.

   Create the file /etc/X11/Xsession.d/00xfree86-common_environment from the
   root account, containing these lines:

      if [ -f "$HOME/.xenvironment" ]; then
          . $HOME/.xenvironment

   Create the following $HOME/.xenvironment file from the user account you
   will use to run GUI programs with root privileges under X:

      # This makes X work when I su to the root account.
      if [ -z "$XAUTHORITY" ]; then
              export XAUTHORITY

   Then run su in an xterm window. Now you can run GUI programs with root
   privileges on an ordinary user's X screen.

   Alternatively, sudo can be used:

      $ sudo xterm
      ... or
      $ sudo -H -s

   Here /root/.bashrc should contain:

      if [ $SUDO_USER ]; then
          sudo -H -u $SUDO_USER xauth extract - $DISPLAY | xauth merge -

   This works fine even with the home directory of the user on an NFS mount,
   because root does not read the .Xauthority file.

   There are also several specialized packages for this purpose: kdesu, gksu,
   gksudo, gnome-sudo, and xsu. Finally, three other methods can be used to
   achieve similar results: creating a symlink from /root/.Xauthority to the
   user's corresponding one; use of the script sux; or putting "xauth merge
   ~<USER_RUNNING_X>/.Xauthority" in the root initialization script.

   See more on the debian-devel mailing list.


~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
 Osamu Aoki @ Cupertino CA USA
 See "Debian reference": http://www.debian.org/doc/manuals/debian-reference/
 "Debian reference" Project at: http://qref.sf.net

 I welcome your constructive criticisms and corrections.

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: