On Mon, Oct 16, 2000 at 10:41:38AM +0100 or so it is rumoured hereabouts,
Telsa Gwynne thought:
> On Sun, Oct 15, 2000 at 08:21:15PM +0100 or thereabouts, Conor Daly wrote:
> > On Sun, Oct 15, 2000 at 02:30:55PM +0100 or so it is rumoured hereabouts,
> > Telsa Gwynne thought:
>
> [or didn't think, apparently!]
>
> > > you have to invoke it from the command line. You can't use the GNOME
> > > panel and launchers, because they are still owned by guest and will
> > > run as guest. So you have to know what the program is called in order
> > > to be able to start it.
> >
> > Err...
> > Did the following
> > cdaly@Hobbiton cdaly]$ su -
> > Password:
> > root@Hobbiton /root]# panel &
> ...
> > Got told there was a panel running already and said "OK", got my root
> > panel, fired up a gnome-terminal and linuxconf quite happily.
>
> Oh dear. I am a twit. All those commands I listed, and 'panel &' never
> occurred to me. I think it's because I have run out of room for panels :)
> I have found that people will do 'su' in a terminal, and if they're not
> familiar with the idea of shells, they'll assume they have now become
> root for everything they're doing in X. Then they try to click on things
> from their current non-root-owned panel (said user being 'guest' in
> the quoted stuff).
>
> Typically, I tried this, and two things happened:
>
> (a) I discovered you are quite right.
> (b) my normal user's panel crashed.
>
> Leaving the latter thing aside, I have asked around and learned far
> too much for a Monday morning.
>
> This only works if you start GNOME with 'startx', having logged in
> in at a non-graphical login. It will -not- work if you use 'gdm', or
> indeed anything based on xdm. (graphical logins) For the
> technically-inclined, this is something to do with the difference
> between host-based and session-based authentication. Apparently. So
> I am told. I wouldn't know.
Haven't tried it via gdm.
>
> This works for running things after you have su'd to root. Only
> root. It does not work for su'ing to other users. If you su to non-root
> users and start graphical apps, then you'll get something like this:
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> Gtk-WARNING **: cannot open display: :0
> ...unless you do "xhost +localhost" before su'ing. Yes, I have actually
> checked this one. That holds for RH 7.0 at least.
Doesn't come up with the Win9x X-server since it has already done its
equivalent of "xhost +" probably for anything in the world too!
>
> It is possible (opinions vary here :)) that this is also a
> result of PAM (plugabble authentication module) and RH's use of
> it. If you're not running RH, Conor, then this is clearly a pile
> of poo :) I do know that part of the GNOME discussions about safely
> running root things when you started as a normal user involved how
> portable PAM was or wasn't.
>
Am running RH6.2, haven't a clue about PAM, must learn more about security
before I get an NTL 24-hour connection to the net. :-)
> > If you're going to su to root regularly, you should look at the
> > bash-prompt-HOWTO for info on setting up your root prompt to look
> > different. I have my root prompt as brightred on all machines while
> > root's X sessions have a bright red background as a gentle reminder not to
> > do an "rm -rf /*" !
> > :-)
>
> I do actually agree on this but I have to admit that I have been known
> cheerfully to do rm and then say yes to "really remove critically
> important file?" despite one or more of different prompts, different
> titlebars, different background colours, alias rm rm -i... It's
> possible they've stopped me doing it more often than I do, however!
> Although I stopped using different backgrounds for different users
> and different hosts: my screen looked like a rainbow but it gave me
> a headache. :)
>
Still happily in possession of "critically important file" and "critically
important directory structure" but I've been there, done that, ripped
t-shirt to shreds in frustration...
I'm especially fond of "rm -f" which will happily override
alias rm rm -i
--
Conor Daly <[EMAIL PROTECTED]>
Domestic Sysadmin :-)
_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
