LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 02-17-2005, 01:00 AM   #1
nazdrowie
Member
 
Registered: Oct 2004
Distribution: Debian
Posts: 39

Rep: Reputation: 15
Can't run gui (X) programs as root user


I'm having some problems running gui applications as the root user. I did some reading and apparently this has something to do with better security. Is that correct? In any case, is there a work around? Here are the error messages and various things I had tried to fix the problem (notice that the gui apps run fine for the non-root user):

Code:
spiderweb:/home/krystian# some-gui-app
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified


Gtk-WARNING **: cannot open display: :0.0
spiderweb:/home/krystian# exit
krystian@spiderweb:~$ some-gui-app &
[2] 5024
krystian@spiderweb:~$ xhost +root
xhost:  bad hostname "root"
krystian@spiderweb:~$ su
Password:
spiderweb:/home/krystian# xhost +root
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

xhost:  unable to open display ":0.0"
spiderweb:/home/krystian#
 
Old 02-17-2005, 01:26 AM   #2
jacks4u
Member
 
Registered: Dec 2004
Location: Phoenix, Arizona, USA
Distribution: Debian, RedHat, ???
Posts: 56

Rep: Reputation: 15
You are correct, with the security issues, and X. Many systems won't let root login to an X session. and, yes there are ways around this, that maintain security.

When I wish to run a root only X application (Ksysv, for example or a user manager, or perhaps ethereal, or others, this is what I do:

1) from an un-privledged user login, I use Konsole to start a root console, it asks for a password. You may also be able to 'su -' and get the same results.
2) for ethereal, I would enter this command, in the root console:
Code:
ethereal &
the ampersan places the command detaches it from the console, so that you can do other things while the command is running

It should be easy to change the security policy for your system, to allow root logins from X, but not advisable. and to tell you the truth, I've forgotten how to do that.

Hope this helps,
jacks4u

Never use the root login for ordinary user type things.
 
Old 02-17-2005, 01:32 AM   #3
jacks4u
Member
 
Registered: Dec 2004
Location: Phoenix, Arizona, USA
Distribution: Debian, RedHat, ???
Posts: 56

Rep: Reputation: 15
And as for the security issues: Most userspace programs run with the privledges of the user that started them. You wouldn't want something like IRC chat with root privledges.
 
Old 02-17-2005, 01:55 AM   #4
nazdrowie
Member
 
Registered: Oct 2004
Distribution: Debian
Posts: 39

Original Poster
Rep: Reputation: 15
Thanks for the reply.

I don't know if you noticed, but in the code section of my very first message, those are shell prompts ending with '#' and '$', which are root and non-root user respectively. In other words, I already tried running whatever gui app as non-root user, in which case it runs fine (as is shown by the lack of error messages after I execute the command 'some-gui-app &'), AND as the root user, which is when I get the error message -- and the program doesn't start at all. It doesn't matter if I 'su' or start a root console through the session menu in Konsole; I still get the error message, although it is more succinct when I start the root session through Konsole's menu bar:
Code:
spiderweb:~# nmapfe

Gtk-WARNING **: cannot open display:
notice that it doesn't have those Xlib references like the ones in the first post.
 
Old 02-17-2005, 02:01 AM   #5
reddazz
Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 73
Yeah the errors maybe different but the cause is the same, most distros don't allow any other user to run gui apps in an X session started by someone else. This is mainly for security reasons as mentioned by others. It used to frustrate me when I first started with Linux but after a while you realise that you don't really need to run gui apps as root.
 
Old 02-17-2005, 02:16 AM   #6
nazdrowie
Member
 
Registered: Oct 2004
Distribution: Debian
Posts: 39

Original Poster
Rep: Reputation: 15
What if those apps are only fully functional when run as root? Would you say that one doesn't need to run gui apps as root in those cases, too?

And another thing, why can't I log in as root through kdm? Cause logging in as root right off the bat (starting the x session as the root user) is the only solution you guys seem to be implying, but I can't even do that.
 
Old 02-17-2005, 04:18 AM   #7
reddazz
Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 73
People are not saying you should login as root via kdm. People are saying whilst logged in as a normal user, you can switch to root using "su" or run commands using "su -c". KDE also allows you to run some GUI apps as root, by doing "kdesu appname" in a console. This is not recommended however even though it's possible. KDM by default disables logins by root for security reasons. Some distros allow logins by root via kdm and also allow you to run gui apps as another user, but this can prove to be dangerous if something is wrong with the app. What exactly are you trying to do that needs a GUI app to be run as root.
 
Old 02-17-2005, 04:42 AM   #8
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 46
If you're determined to get a GUI as root (altho there's no GUI app I'm aware of that needs to be run as root) then use Ctrl-Alt-F1 to get to a console, log in as root, and type:

startx -- :1

This will start a new X session on the next console up from your KDM login, which is on screen :0
 
Old 02-17-2005, 12:34 PM   #9
nazdrowie
Member
 
Registered: Oct 2004
Distribution: Debian
Posts: 39

Original Poster
Rep: Reputation: 15
Thank you for the replies, people.

reddazz,
how can people be saying that I should use 'su' or 'su -c', when I've already said (twice! before this post, which now brings the count up to three) that that's the problem and isn't working for me?
Thank you for the kdesu tip though, it does the trick (note that after using kdesu on nmapfe, it ran fine, while with 'su -c' or whatever permutation of the command you can throw at me, I get errors):

Code:
krystian@spiderweb:~$ kdesu nmapfe
krystian@spiderweb:~$ su -c nmapfe
Password:
Xlib: connection to ":0.1" refused by server
Xlib: No protocol specified


Gtk-WARNING **: cannot open display: :0.1
krystian@spiderweb:~$
I'm really curious why that is. Do any X server experts know what I could do to set up my system so the second of the above commands would work fine? I just don't like being dependent on kdesu; I prefer minimalist window managers and might get rid of kde altogether.

oneandoneis2,
you're not aware of nmapfe then?
 
Old 02-17-2005, 12:47 PM   #10
abisko00
Senior Member
 
Registered: Mar 2004
Location: Munich
Distribution: SuSE, Ubuntu
Posts: 3,511

Rep: Reputation: 58
OK, I am not an X server expert, but the problem is, as previously suspected, a security issue that doesn't allow a second user (which includes root) to access the X server that someone else has started. But there are workarounds, which are summarized for SUSE here (but it should work on other distros also):
http://portal.suse.com/sdb/en/2001/06/maddin_xhost.html

Another option is to access the X server via ssh instead of using su:
Code:
ssh -X -l root localhost
EDIT: the above code may also be saved as a script (e.g. as /usr/local/bin/rootX), which allows faster access to this command.

Most probably there are settings to allow other users this type of access in a more general way, but I simply don't know them

Last edited by abisko00; 02-17-2005 at 12:50 PM.
 
Old 02-17-2005, 01:47 PM   #11
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 46
nmapfe is just a GUI frontend for nmap - a command line tool. If you really want to do a portscan, just use nmap from a terminal, you'll get the same info and none of this messing around with root X logins.
 
Old 02-17-2005, 02:57 PM   #12
nazdrowie
Member
 
Registered: Oct 2004
Distribution: Debian
Posts: 39

Original Poster
Rep: Reputation: 15
abisko00,
thanks for the pointers; unfortunately, they didn't solve my problem (your link looked promising but it didn't pan out, and the ssh method just gives me the same old error message).

oneandoneis2,
I'm perfectly well aware of what both nmap and nmapfe are. And if I really want to do a portscan I'll use whatever the hell I want thank you very much. I thought that's the whole point behind Linux, isn't it? i.e. choice! (trying to configure something in Linux can be a real time killer though -- i guess it's off to a gazillion man pages for me). Oh, and your 'startx -- :1' method works well -- thank you. By the way, do you know off the top of your head if I can control what window manager is started with the x session? (checked man page for startx but don't see anything...)

Thank you everyone for your replies.
 
Old 02-17-2005, 03:10 PM   #13
nazdrowie
Member
 
Registered: Oct 2004
Distribution: Debian
Posts: 39

Original Poster
Rep: Reputation: 15
I found the answer to the question in my most recent post:
- created a .xinitrc file in my home directory and appended the text 'exec fluxbox' to it
can this customization (the choice to select the window manager) be somehow done on the command line though?
 
Old 02-17-2005, 03:17 PM   #14
abisko00
Senior Member
 
Registered: Mar 2004
Location: Munich
Distribution: SuSE, Ubuntu
Posts: 3,511

Rep: Reputation: 58
Maybe a stupid question: do you try to use the X server locally or via telnet session? If the later is the case, try to uncomment this in /etc/X11/xdm/xdm-config:
Code:
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
!
DisplayManager.requestPort:	0
Additionally, remove the '-nolisten tcp' option in /etc/X11/xdm/Xservers

Also, have a look in /etc/X11/xdm/Xaccess for access rules. Sorry, as I said before, I am no X specialist
 
Old 02-17-2005, 03:38 PM   #15
reddazz
Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 73
When running su -c it's done as follows,
$su -c "programname"
That will then run the program or commands in the double quotes. Yes, the double quotes have to be there, so in your case it would be.
$su -c "nmapfe"
You may need to do,
$xhost +localhost (your hostname should work as well) before using su -c
Personally I would just run nmap in console mode, but if you need a GUI, thats upto you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to run GUI program as root shadkong Slackware 8 09-20-2005 02:24 PM
GUI based SFTP programs that run in linux? Lleb_KCir Linux - Software 20 08-25-2004 04:02 PM
Can't run gui applications as root vdogvictor Linux - General 26 08-19-2004 08:24 PM
programs won't run on user (non-root) accounts....? once here Slackware 16 12-02-2003 08:44 AM
can't run X programs as root under suse 8.2 Moses420ca Linux - Newbie 1 09-05-2003 08:00 PM


All times are GMT -5. The time now is 02:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration