Re: addendum, Re: One-user system.
On Thu, Feb 10, 2022 at 06:37:04PM -0800, peter@easthope.ca wrote:
> root@joule:~# su peter
> peter@joule:~$ firefox-esr --display=:0
> Invalid MIT-MAGIC-COOKIE-1 keyUnable to init server: Could not connect: Connection refused
> Error: cannot open display: :0
>
> peter, logged in directly, can run firefox.
> root, logged in directly, can run firefox.
> The above is from a security mechanism in firefox?
No, you simply haven't provided enough credentials to the X server.
It's the X server who's rejecting connections from "peter", because
"peter" has not presented the correct MIT-MAGIC-COOKIE (auth token).
In all honesty, if you have started X as root, my advice at this point
would be to get the HELL out of that X session. Do not try to proceed.
Nothing good can result.
In the more usual scenario, you have started X as peter, and then used
su to become root. It is precisely at this point where the X auth token
has become lost, as it's in the home directory of peter, not the home
directory of root. If peter's home directory is on a local file system,
then root can probably read it. In that case, you can simply do:
export XAUTHORITY=/home/peter/.Xauthority
And then the su session running as root will be able to authenticate to
peter's X server/session in order to run X clients. (This doesn't mean
you should run firefox as root, though. It just means you *can*. You
have the literal authority to do so. It's still a stupidly bad idea.)
Reply to: