[opensuse] SUDO and YaST effects
I'm experimenting a little bit with sudo functionality and came across this interesting quirk. If I set up a user who is allowed to launch yast2 and then I run the sudo command, yast2 always reverts to yast (ncurses) instead of the GUI in GNOME. if I su into root and run 'yast2', yast2 always comes up in GNOME as the GUI. Why can't I SUDO a user to get yast2 gui? I just tested this on my SLES server and found the effect was the same as here on my 10.3 box. Intentional quirk or an oversight no one noticed before? -- ---Bryen--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 11/11/2007 10:41 AM, Bryen wrote:
I'm experimenting a little bit with sudo functionality and came across this interesting quirk.
If I set up a user who is allowed to launch yast2 and then I run the sudo command, yast2 always reverts to yast (ncurses) instead of the GUI in GNOME.
if I su into root and run 'yast2', yast2 always comes up in GNOME as the GUI.
Why can't I SUDO a user to get yast2 gui? I just tested this on my SLES server and found the effect was the same as here on my 10.3 box. Intentional quirk or an oversight no one noticed before?
It is probably an environment difference (probably Display) If you try launching yast2 from a console, not from within X, what do you get? I just tried it from Console 2, and that is correct. No DISPLAY environment variable set, not GUI Yast. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2007-11-11 at 11:36 +0800, Joe Morris (NTM) wrote:
On 11/11/2007 10:41 AM, Bryen wrote:
I'm experimenting a little bit with sudo functionality and came across this interesting quirk.
If I set up a user who is allowed to launch yast2 and then I run the sudo command, yast2 always reverts to yast (ncurses) instead of the GUI in GNOME.
if I su into root and run 'yast2', yast2 always comes up in GNOME as the GUI.
Why can't I SUDO a user to get yast2 gui? I just tested this on my SLES server and found the effect was the same as here on my 10.3 box. Intentional quirk or an oversight no one noticed before?
It is probably an environment difference (probably Display) If you try launching yast2 from a console, not from within X, what do you get? I just tried it from Console 2, and that is correct. No DISPLAY environment variable set, not GUI Yast.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
You're probably right that it is display environment related. I also tried it from Console2, though I got a different result than you. In my case, whether as root or as sudo, I still defaulted into yast (ncurses). Oh well. I just performed another experiment, using gedit.
From the command line as normal user, gedit gui launches. As root, gedit gui launches. As SUDO, I get "cannot open display." I'm guessing here that SUDO simply can't handle anything that launches into gui. (sigh)
I was hoping to succeed with an experiment where, say I have a user that I want to grant sudo rights to administer Apache2 via the 'yast2 http-server' module. I created a shortcut on the desktop of that user, and in properties, input the full sudo command. When I launched that shortcut, nothing happened. I guess our experiments above showing that SUDO doesn't like gui, proves that such a shortcut would be useless. :-( Hmm... I just googled and found a reference to gnome-sudo. "Definition: gnome-sudo: GUI frontend to sudo gnome-sudo will popup a dialog requesting the password for the user to run as (if necessary, sudo has caching), and copies ~/.Xauthority so that that user can reach it. This is to provide a way for GUI programs (such as package managers) to run in an easy, point-and-drool fashion." Gonna have to hunt down that package and see if it works here. Seems its on debian and uubuntu systems. -- ---Bryen--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Bryen wrote:
I'm experimenting a little bit with sudo functionality and came across this interesting quirk.
If I set up a user who is allowed to launch yast2 and then I run the sudo command, yast2 always reverts to yast (ncurses) instead of the GUI in GNOME.
if I su into root and run 'yast2', yast2 always comes up in GNOME as the GUI.
Why can't I SUDO a user to get yast2 gui? I just tested this on my SLES server and found the effect was the same as here on my 10.3 box. Intentional quirk or an oversight no one noticed before?
You're getting into the murky realm of the dividing line between the real user ID, and the effective User ID, and who has access to what resources. I remember a time when even a root process couldn't open an X-window on a user's desktop without first having the user change the security level on the display using the xhost command. THAT was a bug, because by definition, the superuser should be able to use any resource available when it requests access to it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Aaron Kulkis -
Bryen -
Joe Morris (NTM)