From: Polytropon
To: Manish Jain
Cc: "byrnejb@harte-lyne.ca", "freebsd-questions@freebsd.org"
Date: Tue, 25 Jul 2017 23:04:37 +0200
Subject: Re: FreeBSD-11, Mate, Terminal, Gvim

On Tue, 25 Jul 2017 20:36:54 +0000, Manish Jain wrote:
>
> > That is correct. Like "su -m", "xhost" is to be executed from
> > the (non-root) user that controls the display. But when you're
> > using the "su -m" approach, it usually isn't even needed.
>
>
> I tried this from my normal user shell (zsh)
>
> su - -m root -c 'echo $SHELL'

That is more or less nonsense. :-)

Reason: "su -" is equal to "su -l", and "su -m" is (more or less)
the opposite of "su -m".

> That is not the right shell for root, which on my box uses bash.

There are good reasons not to change the root shell (except you
have certain precautions in place), but that should not matter
in this context.

It's possible that - depending on the shell this command has been
issued from -, $SHELL could have been expanded _before_ the command
is being executed.

Also note that "su -" and "su -l" perform a full login which can
affect the environment (and usually does), whereas "su -m" keeps
it intact as per the user who issued the command. Don't use two
options which contradict each other. :-)

> All the env variables : USER HOME SHELL are values for the normal user,
> not the root user.

Those only change with a full login, because the login program
will set them according to the corresponding fields in /etc/passwd.

> But the mess is a bit deeper - even though I am using
> the environment of the normal user (despite the leading - to su), I seem
> to have root privileges. When I run
>
> su - -m root -c gvim
>
> I can actually edit the files that only root has write permission for.

To be expected. You've been performing a root login, no matter
if -l (equals -) or -m has been specified. I assume -m in this
case.

> So largely, the su -m approach lets gvim work with root privileges,
> although the environment seems to be all wrong.

I don't think so. The environment of the current user is to be
preserved when -m is specified. See "man su" for details.

> 1) Is there some way I can actually do all the above from the root user
> account, using the normal user's existing X server ? I think that
> happens under Linux, so in theory it should be possible under FreeBSD
> too (even if merely as a hack).

This is a severe security violation and that's why not easily
possible. There are good reasons to build specific barriers into
the system so you cannot easily shoot your foot. ;-)

From a root login, you'd have to do something like this:

	# su -c "setenv DISPLAY :0.0; xhost +"
	# setenv DISPLAY :0.0
	# xlogo
	(the X logo is being shown)

This is for use with the C shell. Substitute with the name
of the user who owns and controls the X display.

> 2) gvim on my box has been compiled with GTK3+ support. GTK support
> enables specifying a --socketid. I wonder what is that and how to get
> the socket id of an existing GVIM session. Plus, could using socketid
> solve the issue of running gvim from the root account directly ?

Note that root might need its own .vimrc and .vim/ configuration
directory. With the approach illustrated above, --socketid should
not be needed.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
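
Added example, not part of the original message: a bare "xhost +" as used above switches off X access control for every client, so this sketch classifies what "xhost" (run without arguments) reports afterwards. It is written for /bin/sh rather than the C shell, and the function name and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# classify_xhost reads the output of `xhost` (no arguments) on stdin and
# prints one of:
#   open      - access control disabled (the state a bare "xhost +" leaves)
#   scoped    - enabled, only server-interpreted local users are listed
#   hostbased - enabled, but at least one whole host/family entry is allowed
#   closed    - enabled, no extra entries (cookie authentication only)
#   unknown   - first line was not a recognised status line
classify_xhost() {
    awk '
        NR == 1 {
            if ($0 ~ /^access control disabled/)     { state = "open" }
            else if ($0 ~ /^access control enabled/) { state = "closed" }
            else                                     { state = "unknown" }
            next
        }
        state == "open" || state == "unknown" { next }
        /^[ \t]*$/       { next }
        /^SI:localuser:/ { if (state == "closed") state = "scoped"; next }
                         { state = "hostbased" }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Constructed sample outputs (not captured from the poster's machine).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_CLOSED='access control enabled, only authorized clients can connect'
SAMPLE_SCOPED='access control enabled, only authorized clients can connect
SI:localuser:root'
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:root'

for s in "$SAMPLE_OPEN" "$SAMPLE_CLOSED" "$SAMPLE_SCOPED" "$SAMPLE_HOST"; do
    printf '%s\n' "$s" | classify_xhost
done

# A narrower grant than "xhost +", run by the user who owns the display:
#   xhost +si:localuser:root     # allow only the local root user
#   xhost -si:localuser:root     # revoke it again when done
#   xhost -                      # re-enable access control after "xhost +"
```

On a live session, "xhost | classify_xhost" run by the display owner gives the same classification.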