
Re: addendum, Re: One-user system.



On Thu, Feb 10, 2022 at 06:37:04PM -0800, peter@easthope.ca wrote:
> root@joule:~# su peter
> peter@joule:~$ firefox-esr --display=:0
> Invalid MIT-MAGIC-COOKIE-1 keyUnable to init server: Could not connect: Connection refused
> Error: cannot open display: :0
> 
> peter, logged in directly, can run firefox.
> root, logged in directly, can run firefox.
> The above is from a security mechanism in firefox?

No, you simply haven't provided enough credentials to the X server.
It's the X server who's rejecting connections from "peter", because
"peter" has not presented the correct MIT-MAGIC-COOKIE (auth token).

In all honesty, if you have started X as root, my advice at this point
would be to get the HELL out of that X session.  Do not try to proceed.
Nothing good can result.

In the more usual scenario, you have started X as peter, and then used
su to become root.  It is precisely at this point where the X auth token
has become lost, as it's in the home directory of peter, not the home
directory of root.  If peter's home directory is on a local file system,
then root can probably read it.  In that case, you can simply do:

export XAUTHORITY=/home/peter/.Xauthority

And then the su session running as root will be able to authenticate to
peter's X server/session in order to run X clients.  (This doesn't mean
you should run firefox as root, though.  It just means you *can*.  You
have the literal authority to do so.  It's still a stupidly bad idea.)
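
The auth token discussed above sits in a small binary file whose readability decides who can talk to the X server. This added example (not part of the original message) parses that file format and reports owner, permissions, and whether an MIT-MAGIC-COOKIE-1 entry covers a display, without ever returning cookie bytes. The function names and the sample record are constructed for illustration.

```python
import os
import stat
import struct

FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}  # X11 family codes

def build_entry(family, *fields):
    """Serialise one record: family, then address, number, name, data."""
    return struct.pack(">H", family) + b"".join(
        struct.pack(">H", len(f)) + f for f in fields)

def parse_xauthority(blob):
    """Parse .Xauthority bytes; cookie bytes are measured, never returned."""
    entries, pos = [], 0
    while pos < len(blob):
        fields = []
        for i in range(5):  # family, address, display number, scheme, cookie
            if pos + 2 > len(blob):
                raise ValueError("truncated record")
            (n,) = struct.unpack_from(">H", blob, pos)  # big-endian 16-bit
            pos += 2
            if i == 0:          # family is a bare 16-bit value, not a length
                fields.append(n)
                continue
            if pos + n > len(blob):
                raise ValueError("truncated record")
            fields.append(blob[pos:pos + n])
            pos += n
        family, address, number, scheme, cookie = fields
        entries.append({"family": FAMILIES.get(family, str(family)),
                        "address": address.decode("latin-1"),
                        "display": number.decode("ascii", "replace"),
                        "scheme": scheme.decode("ascii", "replace"),
                        "cookie_len": len(cookie)})
    return entries

def audit(path, display="0"):
    """Owner, readability, and whether a cookie covers `display` ("" = any display)."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        entries = parse_xauthority(fh.read())
    return {"owner_uid": st.st_uid,
            "group_or_other_readable": bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
            "covers_display": any(e["scheme"] == "MIT-MAGIC-COOKIE-1"
                                  and e["display"] in (display, "") for e in entries),
            "entries": entries}

# Constructed sample: host "joule", display 0, dummy all-zero 16-byte cookie.
SAMPLE = build_entry(256, b"joule", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16))
```

Running `audit()` on the file named by XAUTHORITY shows whether the current account can read it at all (it raises PermissionError otherwise) and whether anyone besides the owner could.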

