FreeBSD-11, Mate, Terminal, Gvim

Manish Jain bourne.identity at hotmail.com
Tue Jul 25 21:14:44 UTC 2017




On 07/26/17 02:34, Polytropon wrote:
> On Tue, 25 Jul 2017 20:36:54 +0000, Manish Jain wrote:
>>
>>> That is correct. Like "su -m", "xhost" is to be executed from
>>> the (non-root) user that controls the display. But when you're
>>> using the "su -m" approach, it usually isn't even needed.
>>
>>
>> I tried this from my normal user shell (zsh)
>>
>> su - -m root -c 'echo $SHELL'
> 
> That is more or less nonsense. :-)
> 
> Reason: "su -" is equal to "su -l", and "su -m" is (more or less)
> the opposite of "su -m".
> 
> 
>> That is not the right shell for root, which on my box uses bash.
> 
> There are good reasons not to change the root shell (except you
> have certain precautions in place), but that should not matter
> in this context.
> 
> It's possible that - depending on the shell this command has been
> issued from -, $SHELL could have been expanded _before_ the command
> is being executed.
> 
> Also note that "su -" and "su -l" perform a full login which can
> affect the environment (and usually does), whereas "su -m" keeps
> it intact as per the user who issued the command.
> 
> Don't use two options which contradict each other. :-)
> 
> 
> 
>> All the env variables : USER HOME SHELL are values for the normal user,
>> not the root user.
> 
> Those only change with a full login, because the login program
> will set them according to the corresponding fields in /etc/passwd.
> 
> 
> 
>> But the mess is a bit deeper - even though I am using
>> the environment of the normal user (despite the leading - to su), I seem
>> to have root privileges. When I run
>>
>> su - -m root -c gvim
>>
>> I can actually edit the files that only root has write permission for.
> 
> To be expected. You've been performing a root login, no matter if
> -l (equals -) or -m has been specified. I assume -m in this case.
> 
> 
> 
>> So largely, the su -m approach lets gvim work with root privileges,
>> although the environment seems to be all wrong.
> 
> I don't think so. The environment of the current user is to be
> preserved when -m is specified. See "man su" for details.
> 
> 
> 
>> 1) Is there some way I can actually do all the above from the root user
>> account, using the normal user's existing X server ? I think that
>> happens under Linux, so in theory it should be possible under FreeBSD
>> too (even if merely as a hack).
> 
> This is a severe security violation and that's why not easily
> possible. There are good reasons to build specific barriers
> into the system so you cannot easily shoot your foot. ;-)
> 
> From a root login, you'd have to do something like this:
> 
> 	# su <username> -c "setenv DISPLAY :0.0; xhost +"
> 	# setenv DISPLAY :0.0
> 	# xlogo
> 	(the X logo is being shown)
> 
> This is for use with the C shell. Substitute <username> with the
> name of the user who owns and controls the X display.
> 
> 
> 
>> 2) gvim on my box has been compiled with GTK3+ support. GTK support
>> enables specifying a --socketid. I wonder what is that and how to get
>> the socket id of an existing GVIM session. Plus, could using socketid
>> solve the issue of running gvim from the root account directly ?
> 
> Note that root might need its own .vimrc and .vim/ configuration
> directory. With the approach illustrated above, --socketid should
> not be needed.
> 

I found the perfect way to do this : - )

Here is the preparation (as normal user) :

su -m root -c 'pw usershow my_normal_user_name &&\
touch /var/xauth.extract && \
chown my_normal_user_name /var/xauth.extract'

[ $? -eq 0 ] && xauth extract /var/xauth.extract $DISPLAY

Here is the follow-up (as root) :

xauth merge /var/xauth.extract

Now run whatever X stuff you want as root : - )

Regards
Manish Jain
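
An added example, not part of the original post: a file created with `touch` under the common umask of 022 is mode 0644, so the X cookie written to /var/xauth.extract can be readable by every local account. This sketch keeps the cookie in a 0600 file made by `mktemp` (root can read it without a chown) and has the root side refuse a file that others can read; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are
# hypothetical; xauth extract/merge are used as in the post.

# Succeed only if FILE is a regular file (not a symlink) with no
# group/other permission bits, judged from the ls mode string.
cookie_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # "-rw-------": columns 5-10 hold the group and other bits
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# As the X user: write the cookie for $DISPLAY into a fresh 0600 file
# and print its path. The subshell keeps the umask change local.
export_display_cookie() (
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/xauth.XXXXXX") || exit 1
    xauth extract "$f" "$DISPLAY" || { rm -f "$f"; exit 1; }
    printf '%s\n' "$f"
)

# As root: merge the cookie only if no one else can read the file,
# then delete the hand-off file.
import_display_cookie() {
    if ! cookie_file_is_private "$1"; then
        echo "refusing $1: missing, a symlink, or readable by others" >&2
        return 1
    fi
    xauth merge "$1" && rm -f -- "$1"
}

# Usage:
#   user$ f=$(export_display_cookie)
#   root# import_display_cookie "$f"
```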

