LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Reply
 
Search this Thread
Old 08-13-2007, 04:25 PM   #1
kebabbert
Member
 
Registered: Jul 2005
Posts: 462

Rep: Reputation: 41
X11 problems


I have been trying installing CentOS on BrandZ. It works, I can have xclock showing in a window on Solaris. X11 forwarding, that is. To get it working, I do "su". If I do "su -" it doesnt work, as I have messed my root acc up. I have tinkered with xauth, xhost + and lots of other stuff in the global Solaris zone. Now my Solaris root account is acting weird. Before, Solaris root account could show "gvim" as a window, but not anymore, only cli.

bash-3.00# gvim
Xlib: connection to "localhost:0.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
E233: cannot open display

bash-3.00# /usr/openwin/bin/xauth
Using authority file /root/.Xauthority
xauth> list
frasse:0 MIT-MAGIC-COOKIE-1 f1f1f9f4cfe8dad4c7d7fbd5c4c9f2cf
frasse/unix:0 MIT-MAGIC-COOKIE-1 f1f1f9f4cfe8dad4c7d7fbd5c4c9f2cf

The DISPLAY is empty string, "".

How do I get Solaris global zone root account working correctly again? I want to be able to type "gvim" without getting error msgs.





And, my .bash_profile exists but it doesnt execute? My root PATH is just /usr/sbin:/usr/bin
despite me having a long path in .bash_profile. Why is my PATH short? I think it was when I made a user "cbe" for compiling wine, that this happened? Before that, the PATH in .bash_profile was valid.

Last edited by kebabbert; 08-13-2007 at 04:41 PM.
 
Old 08-14-2007, 09:42 AM   #2
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,506

Rep: Reputation: 360Reputation: 360Reputation: 360Reputation: 360
I don't understand the requirement for doing su to be able to use the BrandZ zone. Anyway, I'm afraid you are messing too much with the root account. My advice would be to leave its home directory as /, its shell as /sbin/sh and never log in as it again outside exceptional situations like singleuser mode.

Another point: you don't need to run gvim as root.

If you want to edit system files, either grant you the rights to write them through ACLs (1), or simply give your non root personal account full administrative rights (2). In the latter case, logout and login again for the change to take effect. Then you can run any command with root privileges by prefixing it with pfexec (eg: pfexec gvim file)

(1) setfacl -r -m user:kebabbert:rwx file

(2) /usr/sbin/usermod -P "Primary Administrator" kebabbert
 
Old 08-14-2007, 11:23 AM   #3
kebabbert
Member
 
Registered: Jul 2005
Posts: 462

Original Poster
Rep: Reputation: 41
When I create install programs, zones, format the drive, mount file systems, zpool, ifconfig, ass users, etc you mean that root acc is not necessary to do all this stuff? Ive read that you recommend against logging in as root ever, but I didn't thought you meant it literally? Or did you? O_o

If you did, never ever log in as root, then approach (2) seems neatest to me. If I do ansatz (2), I practically have root rights? Then I can do all those things I do as root?

And then I dont never ever log in as root again? As my root acc is acting a bit weird, I dont have to try to correct the problem because I will never ever log in as root again?
 
Old 08-14-2007, 12:41 PM   #4
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,506

Rep: Reputation: 360Reputation: 360Reputation: 360Reputation: 360
Yes to all questions.

IMHO, the root account should be locked after installation, just like Ubuntu already does.

If you have a bunch of commands to run in a terminal, nothing prevents you to run "pfexec ksh" to avoid prepending pfexec to every command.
When done, just don't forget to exit the shell.
 
Old 08-14-2007, 12:48 PM   #5
kebabbert
Member
 
Registered: Jul 2005
Posts: 462

Original Poster
Rep: Reputation: 41
Holey Moley!!! o_O

This is elegant! There is much more into Solaris than a Windows user suspected. Shit, I have muuuuuch to learn. *gone to lock root account via smc*

I hope locking root doesnt matter if Solaris behaves troublesome, and I do really have to log in as root to fix the problem. No problemo with root locking then?

Thanx so much telling me these elegant things! I really like Solaris! It is fun, man! : o )

Last edited by kebabbert; 08-14-2007 at 12:56 PM.
 
Old 08-14-2007, 01:15 PM   #6
kebabbert
Member
 
Registered: Jul 2005
Posts: 462

Original Poster
Rep: Reputation: 41
But... what is the point of this arrangement? Now we have just moved the root rights to another user. This would be equivalent to if a user "su -" as soon as he needs to do something administrative? Writing "su -" corresponds to "pfexec bash"?
 
Old 08-14-2007, 02:39 PM   #7
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,506

Rep: Reputation: 360Reputation: 360Reputation: 360Reputation: 360
Your last point makes sense.

However, locking the root account still prevents a root login shell to be run, either under a graphic environment or through a remote or local login prompt.

Solaris allows finer grain privileges but there is no real incentive in using them in your case as you are the only administrator of your machine. You are right granting you the full set of privileges is not that much different than using "su -" but at least removes the annoyance of asking you for root's password. By entering the pfexec prefix, you are also knowing you are about to execute a sensitive command, while if you have a root's login shell, you are tempted to run casual commands like a browser or other foreign untrusted applications with the risk for the system to be compromised. A mistake in a rm or similar command would be more damaging as root too.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
X11 performance problems Nathaniel Firet Linux - Software 6 12-29-2005 09:34 AM
x11 video problems! Svip Linux - Software 3 11-07-2005 05:01 PM
xorg-x11 6.8.2 problems... Regulus Linux - Software 4 09-18-2005 10:14 AM
Problems with X11 Johnburrell Linux From Scratch 7 06-07-2005 04:35 AM
X11 problems with i810 -- Piratero Slackware 2 12-16-2003 03:39 AM


All times are GMT -5. The time now is 06:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration