Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 29900 Details for
Bug 48793
A new quick HOWTO on using su with X.
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
HOWTO: su with X
su-x.xml (text/plain), 5.30 KB, created by
Joshua Preston
on 2004-04-23 08:49:21 UTC
(
hide
)
Description:
HOWTO: su with X
Filename:
MIME Type:
Creator:
Joshua Preston
Created:
2004-04-23 08:49:21 UTC
Size:
5.30 KB
patch
obsolete
><?xml version='1.0' encoding="UTF-8"?> ><!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> ><guide link="su-x.xml"> ><title>Using su in X HOWTO</title> ><author title="Author"> > <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail> ></author> > ><abstract> >This howto was designed to give some pointers when attempting to su as >root while logged into X as a normal user. ></abstract> > ><!-- The content of this document is licensed under the CC-BY-SA license --> ><!-- See http://creativecommons.org/licenses/by-sa/1.0 --> ><license/> > ><version>1.0</version> ><date>22 Apr 2004</date> > ><chapter> ><title>Introduction</title> ><section> ><title>Purpose</title> ><body> > ><p> >We've all been there, logged in as a normal user, and we need to do >run some X application as root. Maybe we just want to configure a >kernel with <e>make xconfig</e> and we get errors when we want to do >this. ></p> > ><p> ><pre caption="An example X error"> ><comment>(While running an xterm)</comment> > $ <i>su -</i> >Password: > # <i>xlogo -render</i> >Xlib: connection to ":0.0" refused by server >Xlib: No protocol specified > >Error: Can't open display: :0.0 ></pre> ></p> > ><p> >Fortunately for us, there are several ways we can do this. Some of the >suggestions here might not be the most secure and may just as well be a >hack; you'll have to decide which is the most appropriate for your >needs. ></p> > ></body> ></section> ><section> ><title>Running X as root</title> ><body> > ><p> >What kind of document would this be if there were no warnings? We'll >briefly cover some of the warnings and issues right here before we >start. ></p> > ><p> >Generally speaking, running X as the root (superuser) is a bad idea >altogether. Even running X programs as root is a topic of heated >debate. ></p> > ><p> >The following risks are associated with running X as root: ><ul> > <li>Data corruption</li> > <li>Unauthorized access</li> > <li>Potential leaks</li> ></ul> ></p> > ><p> >While most of these are caused by an inproperly configured X system, it >is still accepted as a bad idea. ></p> > ><p> >Users who are new to the Linux, are generally the culprits to running X >as root. ></p> > ><p> >Let's look at an example. I usually make it a habit to stop by and check >out the Gentoo IRC channels a few times a week. It almost never fails, >there is someone joining my channel who is using their root user to >connect to IRC. Talk about potential security risks! Depending on what >client that user is connecting with, I could do mean nasty things. For >example, I could DCC them a file, for instance, <path>.bashrc</path> . ></p> > ><p> ><pre caption="A malicious .bashrc"> >#!/bin/sh >logout ></pre> ></p> > ><p> >Now what if that user also had auto-start DCC transfers on? What if >that user also had the default user directory as <path>~/</path> ? It >appears that our little .bashrc would overwrite their existing one! So >upon that users next login, they are immediately logged out. ></p> > ><p> >Sound too far fetched? Think again! This is just ONE of many examples >of why using root is not a good idea, now compound that with the inner >workings and complexities of X, and you see our dillemma. ></p> > ></body> ></section> ></chapter> > ><chapter> ><title>Solutions</title> ><section> ><title>x11-misc/sux</title> ><body> > ><p> >Sux is described best from <uri link="http://fgouget.free.fr/sux/sux-readme.shtml">its homepage</uri>, >which is listed below: ><note> >Sux is a wrapper around the standard su command which will transfer your >X credentials to the target user. Sux is released under the terms of the >X11 license. ></note> ></p> > ><p> >Installing sux is as easy as emerging it! ><pre caption="Emerging Sux"> ># <i>emerge x11-misc/sux</i> ></pre> ></p> > ><p> >The following are some examples of using Sux. ><pre caption="Running an X program as root"> >$ <i>sux -c /usr/bin/X11/xlogo -render</i> >Password: <comment>(Enter root password and press enter)</comment> ></pre> ><pre caption="Running a shell as root"> >$ <i>sux -</i> >Password: <comment>(Enter root password and press enter)</comment> ># <i>xlogo -render</i> ></pre> ><impo> >Invoking a shell with root using sux will enable you to just type in an >X application, and will run it. ></impo> ></p> > ></body> ></section> ><section> ><title>KDE Users</title> ><body> > ><p> >KDE users have another option. <c>kdesu</c> is the KDE version su. >It will allow you to run X applications on the current users X much like >Sux, however it pop up an X window requesting the password and will not >run console applications. ></p> > ><p> ><impo> ><c>kdesu</c> was designed to run X applications only, ></impo> ></p> > ><p> >Usage of <c>kdesu</c> is as follows. ><pre caption="Running an X program with options as root"> ># <i>kdesu -c "/usr/bin/X11/xlogo -render"</i> ><comment>(you could also specify a different user, such as >diffuser)</comment> ># <i>kdesu -u diffuser -c "/usr/bin/X11/xlogo -render"</i> ></pre> ><pre caption="Running an X program without options as root"> ># <i>kdesu /usr/bin/X11/xlogo</i> ><comment>(you could also specify a different user, such as diffuser)</comment> ># <i>kdesu -u diffuser /usr/bin/X11/xlogo</i> ></pre> ></p> > ></body> ></section> ></chapter> ><chapter> ><title>Conclusion</title> ><section> ><title>Wrapping it up</title> ><body> > ><p> >There are numerous other ways to perform the above tasks, but I find >these to be the easiest methods. ></p> > ><p> >I hope you found this to be helpful and good luck with your new >knowledge. ></p> > ></body> ></section> ></chapter> ></guide>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=29900">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 48793
: 29900
