Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm having some problems running gui applications as the root user. I did some reading and apparently this has something to do with better security. Is that correct? In any case, is there a work around? Here are the error messages and various things I had tried to fix the problem (notice that the gui apps run fine for the non-root user):
Code:
spiderweb:/home/krystian# some-gui-app
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
Gtk-WARNING **: cannot open display: :0.0
spiderweb:/home/krystian# exit
krystian@spiderweb:~$ some-gui-app &
[2] 5024
krystian@spiderweb:~$ xhost +root
xhost: bad hostname "root"
krystian@spiderweb:~$ su
Password:
spiderweb:/home/krystian# xhost +root
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
xhost: unable to open display ":0.0"
spiderweb:/home/krystian#
You are correct, with the security issues, and X. Many systems won't let root login to an X session. and, yes there are ways around this, that maintain security.
When I wish to run a root only X application (Ksysv, for example or a user manager, or perhaps ethereal, or others, this is what I do:
1) from an un-privledged user login, I use Konsole to start a root console, it asks for a password. You may also be able to 'su -' and get the same results.
2) for ethereal, I would enter this command, in the root console:
Code:
ethereal &
the ampersan places the command detaches it from the console, so that you can do other things while the command is running
It should be easy to change the security policy for your system, to allow root logins from X, but not advisable. and to tell you the truth, I've forgotten how to do that.
Hope this helps,
jacks4u
Never use the root login for ordinary user type things.
And as for the security issues: Most userspace programs run with the privledges of the user that started them. You wouldn't want something like IRC chat with root privledges.
I don't know if you noticed, but in the code section of my very first message, those are shell prompts ending with '#' and '$', which are root and non-root user respectively. In other words, I already tried running whatever gui app as non-root user, in which case it runs fine (as is shown by the lack of error messages after I execute the command 'some-gui-app &'), AND as the root user, which is when I get the error message -- and the program doesn't start at all. It doesn't matter if I 'su' or start a root console through the session menu in Konsole; I still get the error message, although it is more succinct when I start the root session through Konsole's menu bar:
Code:
spiderweb:~# nmapfe
Gtk-WARNING **: cannot open display:
notice that it doesn't have those Xlib references like the ones in the first post.
Yeah the errors maybe different but the cause is the same, most distros don't allow any other user to run gui apps in an X session started by someone else. This is mainly for security reasons as mentioned by others. It used to frustrate me when I first started with Linux but after a while you realise that you don't really need to run gui apps as root.
What if those apps are only fully functional when run as root? Would you say that one doesn't need to run gui apps as root in those cases, too?
And another thing, why can't I log in as root through kdm? Cause logging in as root right off the bat (starting the x session as the root user) is the only solution you guys seem to be implying, but I can't even do that.
People are not saying you should login as root via kdm. People are saying whilst logged in as a normal user, you can switch to root using "su" or run commands using "su -c". KDE also allows you to run some GUI apps as root, by doing "kdesu appname" in a console. This is not recommended however even though it's possible. KDM by default disables logins by root for security reasons. Some distros allow logins by root via kdm and also allow you to run gui apps as another user, but this can prove to be dangerous if something is wrong with the app. What exactly are you trying to do that needs a GUI app to be run as root.
If you're determined to get a GUI as root (altho there's no GUI app I'm aware of that needs to be run as root) then use Ctrl-Alt-F1 to get to a console, log in as root, and type:
startx -- :1
This will start a new X session on the next console up from your KDM login, which is on screen :0
reddazz,
how can people be saying that I should use 'su' or 'su -c', when I've already said (twice! before this post, which now brings the count up to three) that that's the problem and isn't working for me?
Thank you for the kdesu tip though, it does the trick (note that after using kdesu on nmapfe, it ran fine, while with 'su -c' or whatever permutation of the command you can throw at me, I get errors):
Code:
krystian@spiderweb:~$ kdesu nmapfe
krystian@spiderweb:~$ su -c nmapfe
Password:
Xlib: connection to ":0.1" refused by server
Xlib: No protocol specified
Gtk-WARNING **: cannot open display: :0.1
krystian@spiderweb:~$
I'm really curious why that is. Do any X server experts know what I could do to set up my system so the second of the above commands would work fine? I just don't like being dependent on kdesu; I prefer minimalist window managers and might get rid of kde altogether.
OK, I am not an X server expert, but the problem is, as previously suspected, a security issue that doesn't allow a second user (which includes root) to access the X server that someone else has started. But there are workarounds, which are summarized for SUSE here (but it should work on other distros also): http://portal.suse.com/sdb/en/2001/06/maddin_xhost.html
Another option is to access the X server via ssh instead of using su:
Code:
ssh -X -l root localhost
EDIT: the above code may also be saved as a script (e.g. as /usr/local/bin/rootX), which allows faster access to this command.
Most probably there are settings to allow other users this type of access in a more general way, but I simply don't know them
nmapfe is just a GUI frontend for nmap - a command line tool. If you really want to do a portscan, just use nmap from a terminal, you'll get the same info and none of this messing around with root X logins.
abisko00,
thanks for the pointers; unfortunately, they didn't solve my problem (your link looked promising but it didn't pan out, and the ssh method just gives me the same old error message).
oneandoneis2,
I'm perfectly well aware of what both nmap and nmapfe are. And if I really want to do a portscan I'll use whatever the hell I want thank you very much. I thought that's the whole point behind Linux, isn't it? i.e. choice! (trying to configure something in Linux can be a real time killer though -- i guess it's off to a gazillion man pages for me). Oh, and your 'startx -- :1' method works well -- thank you. By the way, do you know off the top of your head if I can control what window manager is started with the x session? (checked man page for startx but don't see anything...)
I found the answer to the question in my most recent post:
- created a .xinitrc file in my home directory and appended the text 'exec fluxbox' to it
can this customization (the choice to select the window manager) be somehow done on the command line though?
Maybe a stupid question: do you try to use the X server locally or via telnet session? If the later is the case, try to uncomment this in /etc/X11/xdm/xdm-config:
Code:
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
!
DisplayManager.requestPort: 0
Additionally, remove the '-nolisten tcp' option in /etc/X11/xdm/Xservers
Also, have a look in /etc/X11/xdm/Xaccess for access rules. Sorry, as I said before, I am no X specialist
When running su -c it's done as follows,
$su -c "programname"
That will then run the program or commands in the double quotes. Yes, the double quotes have to be there, so in your case it would be.
$su -c "nmapfe"
You may need to do,
$xhost +localhost (your hostname should work as well) before using su -c
Personally I would just run nmap in console mode, but if you need a GUI, thats upto you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.