Date: Tue, 25 Jul 2017 21:14:40 +0000
From: Manish Jain <bourne.identity@hotmail.com>
To: Polytropon <freebsd@edvax.de>
Cc: "byrnejb@harte-lyne.ca" <byrnejb@harte-lyne.ca>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD-11, Mate, Terminal, Gvim
Message-ID: <VI1PR02MB12001763910BE8FB395166D4F6B80@VI1PR02MB1200.eurprd02.prod.outlook.com>
In-Reply-To: <20170725230437.88caf5bd.freebsd@edvax.de>
References: <a973035703bd510d1226163df5ac9a34.squirrel@webmail.harte-lyne.ca> <20170725210647.6f4c8fcd.freebsd@edvax.de> <VI1PR02MB1200A48204221928325FC148F6B80@VI1PR02MB1200.eurprd02.prod.outlook.com> <20170725215338.41ea83f0.freebsd@edvax.de> <VI1PR02MB1200CA799271D535917ED023F6B80@VI1PR02MB1200.eurprd02.prod.outlook.com> <20170725230437.88caf5bd.freebsd@edvax.de>

On 07/26/17 02:34, Polytropon wrote:
> On Tue, 25 Jul 2017 20:36:54 +0000, Manish Jain wrote:
>>
>>> That is correct. Like "su -m", "xhost" is to be executed from
>>> the (non-root) user that controls the display. But when you're
>>> using the "su -m" approach, it usually isn't even needed.
>>
>>
>> I tried this from my normal user shell (zsh)
>>
>> su - -m root -c 'echo $SHELL'
>
> That is more or less nonsense. :-)
>
> Reason: "su -" is equal to "su -l", and "su -m" is (more or less)
> the opposite of "su -m".
>
>
>> That is not the right shell for root, which on my box uses bash.
>
> There are good reasons not to change the root shell (except you
> have certain precautions in place), but that should not matter
> in this context.
>
> It's possible that - depending on the shell this command has been
> issued from -, $SHELL could have been expanded _before_ the command
> is being executed.
>
> Also note that "su -" and "su -l" perform a full login which can
> affect the environment (and usually does), whereas "su -m" keeps
> it intact as per the user who issued the command.
>
> Don't use two options which contradict each other. :-)
>
>
>
>> All the env variables : USER HOME SHELL are values for the normal user,
>> not the root user.
>
> Those only change with a full login, because the login program
> will set them according to the corresponding fields in /etc/passwd.
>
>
>
>> But the mess is a bit deeper - even though I am using
>> the environment of the normal user (despite the leading - to su), I seem
>> to have root privileges. When I run
>>
>> su - -m root -c gvim
>>
>> I can actually edit the files that only root has write permission for.
>
> To be expected. You've been performing a root login, no matter if
> -l (equals -) or -m has been specified. I assume -m in this case.
>
>
>
>> So largely, the su -m approach lets gvim work with root privileges,
>> although the environment seems to be all wrong.
>
> I don't think so. The environment of the current user is to be
> preserved when -m is specified. See "man su" for details.
>
>
>
>> 1) Is there some way I can actually do all the above from the root user
>> account, using the normal user's existing X server ? I think that
>> happens under Linux, so in theory it should be possible under FreeBSD
>> too (even if merely as a hack).
>
> This is a severe security violation and that's why not easily
> possible. There are good reasons to build specific barriers
> into the system so you cannot easily shoot your foot. ;-)
>
> From a root login, you'd have to do something like this:
>
> 	# su <username> -c "setenv DISPLAY :0.0; xhost +"
> 	# setenv DISPLAY :0.0
> 	# xlogo
> 	(the X logo is being shown)
>
> This is for use with the C shell. Substitute <username> with the
> name of the user who owns and controls the X display.
>
>
>
>> 2) gvim on my box has been compiled with GTK3+ support. GTK support
>> enables specifying a --socketid. I wonder what is that and how to get
>> the socket id of an existing GVIM session. Plus, could using socketid
>> solve the issue of running gvim from the root account directly ?
>
> Note that root might need its own .vimrc and .vim/ configuration
> directory. With the approach illustrated above, --socketid should
> not be needed.
>

I found the perfect way to do this : - )

Here is the preparation (as normal user) :

su -m root -c 'pw usershow my_normal_user_name &&\
touch /var/xauth.extract && \
chown my_normal_user_name /var/xauth.extract'

[ $? -eq 0 ] && xauth extract /var/xauth.extract $DISPLAY

Here is the follow-up (as root) :

xauth merge /var/xauth.extract

Now run whatever X stuff you want as root : - )

Regards
Manish Jain
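
Added example, not part of the original message: the hand-off above pre-creates /var/xauth.extract with touch, so with a typical umask of 022 the file that receives the X cookie stays readable by every local user and is never removed. The sketch below keeps the same "xauth extract" / "xauth merge" flow but uses an owner-only temporary file that root checks and deletes; the function names and the /tmp location are assumptions.

```shell
#!/bin/sh
# Added example: private hand-off file for an X authorization cookie.
# Function names and the temp-file location are hypothetical.

# Succeed only if $1 is a regular file (not a symlink) whose mode
# grants nothing to group or other, e.g. -rw-------.
is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)   # group + other permission bits
    [ "$mode" = "------" ]
}

# Create an empty owner-only file and print its path.
# mktemp already uses mode 0600; the umask is a second safeguard.
new_handoff_file() {
    (umask 077 && mktemp "${TMPDIR:-/tmp}/xauth.XXXXXX")
}

# User side: write the cookie for display $1 into a fresh private file.
# Usage: f=$(export_cookie "$DISPLAY")
export_cookie() {
    f=$(new_handoff_file) || return 1
    xauth extract "$f" "$1" || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}

# Root side: refuse a file other users could have read, otherwise
# merge it into root's authority file and delete the hand-off copy.
# Root can read the user's 0600 file, so no chown is needed.
# Usage: import_cookie /tmp/xauth.XXXXXX
import_cookie() {
    is_private "$1" || { echo "refusing $1: not owner-only" >&2; return 1; }
    xauth merge "$1"; rc=$?
    rm -f "$1"
    return $rc
}
```

A refused file is left in place so it can be inspected; the cookie it held should be treated as exposed.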
