How I broke and fixed Xauthority (permissions hell2)

[dcorleone]

So after the kdesu/gksu/GDM/KDM debacle, I'm back in business... The desktop's working right again, my kdesu's working... But there's one symptom left-over... Now, if I'm in a terminal and I su to root and try to run any X-based app which I often do, I might su then do a kedit /etc/X11/xorg.conf for example. Perfectly routine before the KDM/GDM nightmare, but now I get this:

Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

kedit: cannot connect to X server :0.0

This one took quite a bit of web-surfing to resolve. I'm no linux-expert, I know just enough to get myself into trouble, so what I THINK happened was that the Xauthority got broken. When you're in a terminal as a regular user, you get a "cookie" that gives you permission to connect to the X-server and run grapical apps. Then when you su to become root, that cookie gets passed from your normal account to your temporary-root account. (I THINK) Somehow that connection that passes the cookie from normal to root got broken, so when I became root, I didn't have the Xauthority cookie I need to connect to the Xserver anymore.

I searched far and wide for a way to fix this, and NOBODY could come up with an answer. That connection was broken and there's not a linux-gnome on earth that knew how to fix it. There WERE a couple work-arounds tho. The first was cumbersome. Every time you want to su, you type this first:

xhost local:root

That'll give root that cookie, but you have to do it every time. The next solution was much more painless, but pretty scary. If you do a:

xhost +

at the command prompt, that will turn off the security/cookie mechanism so that ANYBODY can connect to the Xserver. No cookies required. That just screams security risk tho. The last one was the best fix and pretty damned close to the way things are SUPPOSED to run anyway.

That was to edit /root/.bashrc and add:

export XAUTHORITY=/home/name/.Xauthority

To the end of the file. ("name" being the name of my normal account, oc) Bashrc is what gets run whenever root starts a bash (shell) session. That sets it so that whenever root starts a session, it'll use the .Xauthority cookie from my normal account to get permission to launch x programs. And this is more or less the way it was designed. Instead of getting the cookie passed automatically, it gets it directly. This still isn't really a FIX, cuz something's obviously still broken, but since this workaround pretty much recreates the stuff that's broken anyway, it's a safe and simple way to get things back in gear again.

Neither of these things may ever be an issue for anybody else here, but as a relative n00bie myself, I can say it was a big pain in the ass to fix, so I thought I should post this stuff here just in case. Maybe it'll help somebody else untangle a mess like this a lot easier than it'd be without it.

[DaddyX3]

Thanks for coming back and editing the title - makes things a little clearer.

[TheeMahn]

So after the kdesu/gksu/GDM/KDM debacle, I'm back in business... The desktop's working right again, my kdesu's working... But there's one symptom left-over... Now, if I'm in a terminal and I su to root and try to run any X-based app which I often do, I might su then do a kedit /etc/X11/xorg.conf for example. Perfectly routine before the KDM/GDM nightmare, but now I get this:

Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

kedit: cannot connect to X server :0.0

This one took quite a bit of web-surfing to resolve. I'm no linux-expert, I know just enough to get myself into trouble, so what I THINK happened was that the Xauthority got broken. When you're in a terminal as a regular user, you get a "cookie" that gives you permission to connect to the X-server and run grapical apps. Then when you su to become root, that cookie gets passed from your normal account to your temporary-root account. (I THINK) Somehow that connection that passes the cookie from normal to root got broken, so when I became root, I didn't have the Xauthority cookie I need to connect to the Xserver anymore.

I searched far and wide for a way to fix this, and NOBODY could come up with an answer. That connection was broken and there's not a linux-gnome on earth that knew how to fix it. There WERE a couple work-arounds tho. The first was cumbersome. Every time you want to su, you type this first:

xhost local:root

That'll give root that cookie, but you have to do it every time. The next solution was much more painless, but pretty scary. If you do a:

xhost +

at the command prompt, that will turn off the security/cookie mechanism so that ANYBODY can connect to the Xserver. No cookies required. That just screams security risk tho. The last one was the best fix and pretty damned close to the way things are SUPPOSED to run anyway.

That was to edit /root/.bashrc and add:

export XAUTHORITY=/home/name/.Xauthority

To the end of the file. ("name" being the name of my normal account, oc) Bashrc is what gets run whenever root starts a bash (shell) session. That sets it so that whenever root starts a session, it'll use the .Xauthority cookie from my normal account to get permission to launch x programs. And this is more or less the way it was designed. Instead of getting the cookie passed automatically, it gets it directly. This still isn't really a FIX, cuz something's obviously still broken, but since this workaround pretty much recreates the stuff that's broken anyway, it's a safe and simple way to get things back in gear again.

Neither of these things may ever be an issue for anybody else here, but as a relative n00bie myself, I can say it was a big pain in the ass to fix, so I thought I should post this stuff here just in case. Maybe it'll help somebody else untangle a mess like this a lot easier than it'd be without it.

Why su when there is sudo is the first question I must ask? sudo was invented / made to make it so these head aches dont exist. I have spoken with you before and you are not used to the way things work in ubuntu, even though you are a avid user of many other *nix's I would suggest a look at a beginners guide to ubuntu, I am not trying to slam you & know you to be knowledgeable, but things are different in Ubuntu, I hope I have not upset you.

TheeMahn

[dcorleone]

Oh I know how to sudo too, but it has a different impact on ownership and permissions stuff than running stuff as su. I use kdseu or sudo most of the time, but I also need to have a root terminal open too. Besides, the whole debacle was an excuse to learn a lot of stuff long the way. You don't learn anything when things work RIGHT... I mean really sudo and kdesu and gksu are just half-assed work-arounds themselves.

To be honest, I haven't had a chance to read much of anything yet. Got my desktop up and running, FINALLY got the software assortment figured out, got things organized and usable. That was the first thing. Now I'm FINALLY done with all that, so I can start learning the ins and outs in a little more depth now.

I know I'm not alone with this situation. There's tons of posts about exactly this. There's lots of ways to work AROUND it, so it's mostly just a matter of curiosity about what happened to make it do that more than anything. And I figured somebody else might bump into this situation too, so thought it might be a good idea to "blog" about it, so to speak.

Good distro. I've run outa bugs that I DIDN'T make myself to nitpick about... I gotta make some of my own to keep it fun.