FreeBSD-11, Mate, Terminal, Gvim

Polytropon freebsd at edvax.de
Tue Jul 25 21:04:42 UTC 2017


On Tue, 25 Jul 2017 20:36:54 +0000, Manish Jain wrote:
> 
> > That is correct. Like "su -m", "xhost" is to be executed from
> > the (non-root) user that controls the display. But when you're
> > using the "su -m" approach, it usually isn't even needed.
> 
> 
> I tried this from my normal user shell (zsh)
> 
> su - -m root -c 'echo $SHELL'

That is more or less nonsense. :-)

Reason: "su -" is equal to "su -l", and "su -m" is (more or less)
the opposite of "su -m".


> That is not the right shell for root, which on my box uses bash.

There are good reasons not to change the root shell (except you
have certain precautions in place), but that should not matter
in this context.

It's possible that - depending on the shell this command has been
issued from -, $SHELL could have been expanded _before_ the command
is being executed.

Also note that "su -" and "su -l" perform a full login which can
affect the environment (and usually does), whereas "su -m" keeps
it intact as per the user who issued the command.

Don't use two options which contradict each other. :-)



> All the env variables : USER HOME SHELL are values for the normal user, 
> not the root user.

Those only change with a full login, because the login program
will set them according to the corresponding fields in /etc/passwd.



> But the mess is a bit deeper - even though I am using 
> the environment of the normal user (despite the leading - to su), I seem 
> to have root privileges. When I run
> 
> su - -m root -c gvim
> 
> I can actually edit the files that only root has write permission for.

To be expected. You've been performing a root login, no matter if
-l (equals -) or -m has been specified. I assume -m in this case.



> So largely, the su -m approach lets gvim work with root privileges, 
> although the environment seems to be all wrong.

I don't think so. The environment of the current user is to be
preserved when -m is specified. See "man su" for details.



> 1) Is there some way I can actually do all the above from the root user 
> account, using the normal user's existing X server ? I think that 
> happens under Linux, so in theory it should be possible under FreeBSD 
> too (even if merely as a hack).

This is a severe security violation and that's why not easily
possible. There are good reasons to build specific barriers
into the system so you cannot easily shoot your foot. ;-)

From a root login, you'd have to do something like this:

	# su <username> -c "setenv DISPLAY :0.0; xhost +"
	# setenv DISPLAY :0.0
	# xlogo
	(the X logo is being shown)

This is for use with the C shell. Substitute <username> with the
name of the user who owns and controls the X display.



> 2) gvim on my box has been compiled with GTK3+ support. GTK support 
> enables specifying a --socketid. I wonder what is that and how to get 
> the socket id of an existing GVIM session. Plus, could using socketid 
> solve the issue of running gvim from the root account directly ?

Note that root might need its own .vimrc and .vim/ configuration
directory. With the approach illustrated above, --socketid should
not be needed.




-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
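
The environment behaviour discussed in the message above, as an added example that is not part of the original post: a simulation of how a full login ("su -l") rebuilds USER, HOME and SHELL from passwd fields while "su -m" passes the caller's environment through, and how double quotes let the calling shell expand $SHELL first. The passwd entries and the function names (passwd_field, sim_login, sim_keep) are constructed for illustration; no privileges change, and a real "su -l" sets more than these three variables.

```shell
#!/bin/sh
# Added illustration: models environment handling only, with no uid change.
# Constructed passwd(5)-style entries (not taken from a real system).
PASSWD_SAMPLE='root:*:0:0:Charlie &:/root:/usr/local/bin/bash
user:*:1001:1001:Sample User:/home/user:/usr/local/bin/zsh'

# passwd_field NAME N: print field N of NAME's constructed entry.
passwd_field() {
    printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v u="$1" -v n="$2" '$1 == u { print $n }'
}

# Models "su -l TARGET -c CMD": start from an empty environment and set
# USER, HOME and SHELL from the target's passwd entry (fields 1, 6, 7).
sim_login() {
    env -i PATH="$PATH" USER="$1" \
        HOME="$(passwd_field "$1" 6)" \
        SHELL="$(passwd_field "$1" 7)" \
        sh -c "$2"
}

# Models "su -m TARGET -c CMD": the caller's environment is passed through
# unchanged, so the target name has no effect on the variables.
sim_keep() {
    sh -c "$2"
}

demo() (
    # Caller is the normal user with zsh as login shell (constructed values).
    export USER=user HOME=/home/user SHELL=/usr/local/bin/zsh
    echo "-m, single quotes: $(sim_keep root 'echo $USER $HOME $SHELL')"
    echo "-l, single quotes: $(sim_login root 'echo $USER $HOME $SHELL')"
    # Double quotes: the caller's shell expands $SHELL before the command runs.
    echo "-l, double quotes: $(sim_login root "echo $SHELL")"
)
demo
```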


More information about the freebsd-questions mailing list