[Sussex] ps options

Thomas Adam thomas at edulinux.homeunix.org
Sun Oct 30 10:45:55 UTC 2005


Steve,

On Sat, Oct 22, 2005 at 10:26:29PM +0100, Steve Dobson wrote:

[ Slightly belated.  My apologies for this. ]

> The X11 graphics system is network based. I've
> talked in the past about running X11 programs from
> root and what you need to do to set it up. See
> http://mailman.lug.org.uk/pipermail/sussex/2005-September/010716.html

I feel I have to comment on some of the suggestions in that email,
above. I'll prefix your comments with "> " as usual.

> When `su'ing to root one should always use "su -".  The flag causes the

Ordinarily, I'd agree.  "su -" to force a login shell is generally a
"better" solution so that you get the (in this case) root's environment.
There are perfectly valid reasons, though, when "su -m" is preferred
over that.

> su(1) command to throw away the current user's profile and replace it
> with the new user's (the default being root).  Of course to be really
> safe you should use "/bin/su -" to make sure you're not using a
> user-hacked version of su(1).

I find it highly unlikely that one would ever have "." in their path, or
"su" aliased at the shell, but I suppose you never know.

> If you're going to be using a graphical program then before using "su -"
> one needs to first run the command "xhost +".  This allows any user to
> put a graphical window upon the user's display.  If you don't use "su -"
> but just "su" then the user's environment is still in place and his
> graphic authority is being used.

This is where I really have to disagree.  "xhost +" is the WORST thing
you can do.  People usually come back and whinge saying "But, buutttt I
am the only user on my system".  So?  So what?  That command has
effectively left your display wide-open to anyone that might feel the
need to connect to it.  Even:

xhost +localhost

... isn't much better.  Xhost works by hostname connections, which
represents a huge security risk -- no matter how "one off" such a
command might be, it's still bad practice.  (I'm surprised -- you
mention security further up, regarding /bin/su, yet don't mention it
here as a flaw in security.)

The "correct" way to go about such a thing is two-fold:

1.  Use a MIT-magic-cookie.  Whenever a user initiates a connection to
the Xserver, they're given an identity (a hash) that's stored in
~/.Xauthority.  Now, running programs as root (in any environment, be it
console or X11) is always an iffy subject.  But the slightly safer way
of doing that (and NOT xhost) is:

su -
xauth merge ~user_running_X11/.Xauthority
export DISPLAY=:0.0
myapp &

Or...
2. I'd probably not do that, and allow it to implicitly happen
via sudo [1] or use gksu{,do} or somesuch...

-- Thomas Adam

 [1] http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/PseudoRoot

--  
"Try not to want people to like you too much, you'll just need more and
more flatteries to recharge your batteries." -- Jeffrey Lewis.
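
Added example, not part of the original message: a shell audit for the risk discussed above, which classifies the output of `xhost` and checks that the cookie file is private. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit X11 access control.
# audit_xhost reads the text printed by `xhost` (no arguments) on stdin.
# Returns 0 = cookie/per-user access only, 1 = host-based entries present
# (e.g. after "xhost +localhost"), 2 = access control disabled ("xhost +").
audit_xhost() {
    worst=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control is off (xhost +); re-enable with 'xhost -'"
                worst=2 ;;
            "access control enabled"*|"")
                : ;;                      # normal header line or blank
            SI:localuser:*)
                echo "INFO: per-user entry: $line" ;;
            *)
                echo "WARNING: host-based entry, any user on that host may connect: $line"
                if [ "$worst" -lt 1 ]; then worst=1; fi ;;
        esac
    done
    return "$worst"
}

# The magic cookie is a shared secret: returns 0 only if the file given
# (normally ~/.Xauthority) has no group/other permission bits set.
xauthority_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample of `xhost` output after "xhost +localhost".
sample_xhost_output() {
    printf '%s\n' \
        'access control enabled, only authorized clients can connect' \
        'INET:localhost'
}

# Demo on the constructed sample; on a live session use: xhost | audit_xhost
sample_xhost_output | audit_xhost || echo "audit exit status: $?"
```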



