Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

xhost-command in Debian11

139 views
Skip to first unread message

BerndSchmittNews

unread,
Jun 15, 2021, 3:30:04 PM6/15/21
to
Hello.

I used to use xhost-command and su -l ... -c ... to run programs as a
different user in debian10. In debian11 I get an error about having no
DISPLAY env variable specified.

Does xhost work different now?



$ uname -a
Linux VB-Deb400 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19)
x86_64 GNU/Linux
$ xhost local:
non-network local connections being added to access control list
$ su -l notserious -c firefox
Passwort:
Error: no DISPLAY environment variable specified
robert@VB-Deb400:~$


Thx

Bernd

to...@tuxteam.de

unread,
Jun 15, 2021, 4:00:04 PM6/15/21
to
On Tue, Jun 15, 2021 at 09:21:10PM +0200, BerndSchmittNews wrote:
> Hello.
>
> I used to use xhost-command and su -l ... -c ... to run programs as a
> different user in debian10. In debian11 I get an error about having no
> DISPLAY env variable specified.
>
> Does xhost work different now?

No. It's the su, dropping the DISPLAY environment variable. Try adding
the option `--whitelist-environment=DISPLAY to your su command (hint:
you can add more variables to that whitelist, comma separated).

HTH, cheers
- t
signature.asc

BerndSchmittNews

unread,
Jun 15, 2021, 4:20:04 PM6/15/21
to
Hello tomas,


thanks for your answer.

On 15.06.21 21:51, to...@tuxteam.de wrote:
> No. It's the su, dropping the DISPLAY environment variable. Try adding
> the option `--whitelist-environment=DISPLAY to your su command

works like a charm.


Thank you
Bernd

to...@tuxteam.de

unread,
Jun 15, 2021, 4:40:04 PM6/15/21
to
Glad it helped.

See the manual page for pam_env and especially /etc/security/pam_env.conf
for a more permanent solution.

Cheers
- t
signature.asc

Charles Curley

unread,
Oct 22, 2021, 10:30:06 AM10/22/21
to
On Tue, 15 Jun 2021 21:51:28 +0200
<to...@tuxteam.de> wrote:

> Try adding
> the option `--whitelist-environment=DISPLAY to your su command (hint:
> you can add more variables to that whitelist, comma separated).

I just tried this. No joy.

charles@jhegaala:~$ echo $DISPLAY
:0.0
charles@jhegaala:~$ su -
Password:

Today is Setting Orange, the 3rd of The Aftermath, 3187. P'tang!
root@jhegaala:~# exit
logout
charles@jhegaala:~$ su --whitelist-environment=DISPLAY -
Password:

Today is Setting Orange, the 3rd of The Aftermath, 3187. This statement is false.
root@jhegaala:~# echo $DISPLAY
:0.0
root@jhegaala:~# xclock &
[1] 311078
root@jhegaala:~# No protocol specified
Error: Can't open display: :0.0

[1]+ Exit 1 xclock
root@jhegaala:~# emacs &
[1] 311095
root@jhegaala:~# No protocol specified
Display :0.0 unavailable, simulating -nw
fg
emacs
root@jhegaala:~#

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

David Wright

unread,
Oct 22, 2021, 10:50:05 AM10/22/21
to
I think you need su --whitelist-environment=DISPLAY,XAUTHORITY -

Cheers,
David.

Reco

unread,
Oct 22, 2021, 11:00:07 AM10/22/21
to
Hi.

On Fri, Oct 22, 2021 at 08:25:36AM -0600, Charles Curley wrote:
> charles@jhegaala:~$ su --whitelist-environment=DISPLAY -

It won't be enough. You need this:

su --whitelist-environment=DISPLAY,XAUTHORITY -

Reco

Charles Curley

unread,
Oct 23, 2021, 2:40:05 PM10/23/21
to
On Fri, 22 Oct 2021 09:44:25 -0500
David Wright <deb...@lionunicorn.co.uk> wrote:

> > root@jhegaala:~#
>
> I think you need su --whitelist-environment=DISPLAY,XAUTHORITY -

Thank you, also to Reco.

I did:

$ alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"

That works. So I will add that to my other aliases in ~/.bashrc and in
/etc/skel/.bashrc.

I tried editing /etc/security/pam_env.conf, as to...@tuxteam.de
suggested earlier, but that caused problems.

DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
XAUTHORITY DEFAULT="/home/charles/.Xauthority" OVERRIDE=${XAUTHORITY}

The DISPLAY line appears to work; that XUTHORITY line does not. It
caused /home/charles/.Xauthority to be owned by root, which in turn
caused problems when SSHing in as charles.

Keith Bainbridge

unread,
Oct 24, 2021, 2:00:06 AM10/24/21
to

On 24/10/21 05:31, Charles Curley wrote:
> alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"


Doesn't that mean that when you type 'su' at a command prompt, the
response will be running the command
--whitelist-environment=DISPLAY,XAUTHORITY
as root.

You won't be able to switch to root using su in future?

--
All the best

Keith Bainbridge

keithrb...@gmail.com

Greg Wooledge

unread,
Oct 24, 2021, 9:20:06 AM10/24/21
to
On Sun, Oct 24, 2021 at 04:59:06PM +1100, Keith Bainbridge wrote:
>
> On 24/10/21 05:31, Charles Curley wrote:
> > alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"
>
>
> Doesn't that mean that when you type 'su' at a command prompt, the response
> will be running the command
> --whitelist-environment=DISPLAY,XAUTHORITY
> as root.

No. It will run the command su --whitelist-environment=DISPLAY,XAUTHORITY
which has setuid privileges, and therefore will run with effective UID 0.

It's a lot like doing alias ls='ls --color=auto'

The second ls inside the alias expansion becomes the new command that
gets executed. Aliases don't recurse into themselves, which is by
design so that people can do things exactly like this.
0 new messages