Re: Simple little basic config questions

To: debian-user@lists.debian.org
Subject: Re: Simple little basic config questions
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 30 Oct 2003 11:35:44 +0000
Message-id: <[🔎] 20031030113544.GA25424@riva.ucam.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20031030104037.19352B42@teufel.hartford-hwp.com>
References: <[🔎] Pine.LNX.4.33.0310300508430.4461-100000@debian.potter> <[🔎] 20031030104037.19352B42@teufel.hartford-hwp.com>

On Thu, Oct 30, 2003 at 05:40:37AM -0500, Haines Brown wrote:

> > each user has a session and a session key. this key is used to
> > authenticate yourself to the Xserver. Root as a key and each user
> > does.
> 
> Yes, that makes sense.
> 
> > so when you login as user and then switch to root, it tried to use your
> > root key to access the user session-- no go. 
> 
> ? When I login as user, and then "su - root," does not root then use
> its own session key? Are you saying that when I "su - root", root
> tries to use user's session key?

The explanation above about each user having a session key is strange
and confusing to my eyes.

When you start X, an X session is created, associated with the X server
you've started. There is one of these per server, not one per user.
Similarly, there is only one key (called a "cookie") for each X session,
not one per user. This lives in the .Xauthority file in the home
directory of whoever started X, but any other user who wants access to
the X server, including root, must get access to that .Xauthority file
somehow. ('xauth merge' etc. is the standard way to do this, but is a
bit fiddly; 'sux' wraps this all up in a convenient form.)

They must also find out the correct value of $DISPLAY, which again is
associated with the X server, and doesn't have one correct value that
you could just set globally for root or what-have-you.

> My understanding of Linux is that normally you want to log in as user
> because being root carries with it certain risks. But regularly, we,
> running as user, find that we need to do something that requires root's
> privileges, and so we "su - root". That's what I read in "Running
> Linux" and elsewhere. It's what I've been doing for years. 
> 
> So I assumed that by moving from RedHats to debian, things would
> continue as before. But they have not. So, the important question that
> still remains unansered: was my installation of debian flawed, or does
> debian simply work differently than what I assume?

'su - root' sets up your environment from scratch, and therefore deletes
the $DISPLAY variable. It's possible that Red Hat has a magic PAM module
for su that figures out what $DISPLAY is supposed to be and plugs it
back in, but that doesn't exist in Debian, and you shouldn't expect it
to exist in general on Unix systems. Your installation of Debian is not
flawed, just not the same as Red Hat.

'su root', without the dash, or just 'su' for short, would be better,
but still requires you to get the X cookie from somewhere. 'sux' does
all that for you.

'sudo' also appears to sort this out, although I think that's just
because it doesn't change $HOME, so it won't work if your home directory
is a root-squashed NFS mount. (If you don't know, it probably isn't.)

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Re: Simple little basic config questions
  - From: <kmark+debian@pipeline.com>
- Re: Simple little basic config questions
  - From: brownh@hartford-hwp.com (Haines Brown)

Prev by Date: Re: Simple little basic config questions
Next by Date: setting permissions
Previous by thread: Re: Simple little basic config questions
Next by thread: Re: Simple little basic config questions
Index(es):
- Date
- Thread