LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 10-27-2016, 12:00 AM   #1
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Rep: Reputation: 3
running x on read-only raspbian


I am trying to run xserver on a read-only raspbian. I get the following errors.
Code:
root@ClientX:/var/log# startx
xauth:  error in locking authority file /root/.Xauthority
xauth:  error in locking authority file /root/.Xauthority

(EE) 
Fatal server error:
(EE) Cannot move old log file "/var/log/Xorg.0.log" to "/var/log/Xorg.0.log.old"
(EE) 
(EE) 
Please consult the The X.Org Foundation support 
	 at http://wiki.x.org
 for help. 
(EE) 
xinit: giving up
xinit: unable to connect to X server: Connection refused
xinit: server error
xauth:  error in locking authority file /root/.Xauthority
root@ClientX:/var/log#
So I tried to solve one problem at a time, but didn't get too far. First, I tried linking the .Xauthority file to /tmp which is mounted on tmpfs and its writable.

Quote:
root@ClientX:~# ls -la
total 28
drwx------ 3 root root 4096 Oct 27 07:52 .
drwxr-xr-x 21 root root 4096 Jan 1 1970 ..
lrwxrwxrwx 1 root root 16 Oct 27 07:52 .Xauthority -> /tmp/.Xauthority
-rw------- 1 root root 163 Oct 27 07:52 .bash_history
-rw-r--r-- 1 root root 570 Jan 31 2010 .bashrc
-rw-r--r-- 1 root root 140 Nov 19 2007 .profile
-rw------- 1 root root 27 Oct 26 22:24 .selected_editor
drwxr-xr-x 2 root root 4096 Jan 1 1970 .ssh
I tested it by writing to .Xauthority "echo hello > .Xauthority" and its writable. But still, when root tries to startx, it still complains for not being able to lock .Xauthority.

I didn't even get started on the second problem yet
Code:
Cannot move old log file "/var/log/Xorg.0.log" to "/var/log/Xorg.0.log.old"
I tried finding the xorg configuration file and see if there's an option to write .Xauthority and log files to antoher path, so I can put them in /tmp, but I read that xorg.conf doesn't exist any more.

Any suggestions on how to run xserver on a read-only raspbian?
 
Old 10-27-2016, 12:46 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,490

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
you can mount /var/log as tmpfs too, actually you must allow the system to write logs.
see man startx, it honors a variable named XAUTHORITY and also you will find some suggestion about related settings.
 
Old 10-27-2016, 09:05 AM   #3
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Original Poster
Rep: Reputation: 3
I'm having trouble with the XAUTHORITY variable. No matter where I set it, the .Xauthority file is always created under ~/.Xauthority. I've tried setting "export XAUTHORITY=/tmp/.Xauthority" in ~/.profile, /etc/environment and in ~/.startxrc but no luck. It still gets created under ~/.Xauthority.
 
Old 10-27-2016, 12:26 PM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,490

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
man startx:
Code:
       XAUTHORITY               This  variable,  if  not  already defined, gets set to $(HOME)/.Xauthority.  This is to prevent the X server, if not given the -auth argument, from
                                automatically setting up insecure host-based authentication for the local host.  See the Xserver(1) and Xsecurity(7) manual pages for more informa‐
                                tion on X client/server authentication.
you may try to modify HOME, although it is not really suggested. you can try -auth, and also two other manuals were mentioned.
 
Old 10-27-2016, 01:22 PM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,907

Rep: Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510
Quote:
Originally Posted by aristosv View Post
I'm having trouble with the XAUTHORITY variable. No matter where I set it, the .Xauthority file is always created under ~/.Xauthority. I've tried setting "export XAUTHORITY=/tmp/.Xauthority" in ~/.profile, /etc/environment and in ~/.startxrc but no luck. It still gets created under ~/.Xauthority.
It is created when the X server is started - usually by the GUI startup process.

It doesn't HAVE to be in the users home directory. RH/CentOS/Fedora configure the GUI login to put it in a tmpfs mount (which gets dismounted when the user logs out).

But it has to be part of an overall security plan, not something piecemeal.

If you are planning on allowing users to save files (otherwise, the system gets rather useless), then you configure the GUI login to put it there. Easy if you login, then use the "startx" tool to start the GUI as you can then define the XAUTHORITY environment variable first, startx will then use it.
 
Old 10-28-2016, 01:01 AM   #6
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Original Poster
Rep: Reputation: 3
I don't manually startx. When the OS is rw it starts automatically. When I edit /etc/fstab and mount ro it doesn't. That's why I run it manually and get the errors. So I need to edit whatever config file is read before startx and tell it to create .Xauthority somewhere else.

So how do I move /root/.Xauthority to /tmp/.Xauthority?
 
Old 10-28-2016, 01:48 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,490

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
Quote:
When the OS is rw it starts automatically. When I edit /etc/fstab and mount ro it doesn't
I don't think so. I would say it is started anyway, but will be stopped immediately in the second case.

You can still try to mount that read only and try to run startx by hand (and find out which settings will help you to make it work).
From the other hand you may try to create that file first and set filesystem ro.
 
Old 10-28-2016, 05:54 AM   #8
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by pan64 View Post
You can still try to mount that read only and try to run startx by hand (and find out which settings will help you to make it work).
This is exactly what's shown in my first post. Me trying to startx while read only

Quote:
Originally Posted by pan64 View Post
From the other hand you may try to create that file first and set filesystem ro.
Again, .Xauthority is there. When r/w startx starts automatically, when r/o it doesn't start. When I try to start it manually, I get the errors shown in the first post.
 
Old 10-28-2016, 06:22 AM   #9
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,907

Rep: Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510
Quote:
Originally Posted by aristosv View Post
This is exactly what's shown in my first post. Me trying to startx while read only


Again, .Xauthority is there. When r/w startx starts automatically, when r/o it doesn't start. When I try to start it manually, I get the errors shown in the first post.
And we keep telling you that there MUST be a read/write area to allow the creation of the authorization file. The key in the file is generated EVERY TIME it starts, it is unique to each run.

Of course when the area is read only it will fail. What else do you expect?
 
Old 10-28-2016, 06:32 AM   #10
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Original Poster
Rep: Reputation: 3
I know. The question is, what do I configure, so it can write .Xauthority to /tmp (which is writable).
 
Old 10-28-2016, 07:07 AM   #11
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,907

Rep: Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510
Which release of Raspbian? The location changes with systemd - you might actually have an easier time looking at how the embedded versions handle things.

There is an assumption that Linux always uses an initrd to allow unusual setups using overlayfs to work with a read only root.

ONE way is to mount /home as tmpfs (or rather, mount /home/<user> as tmpfs) thus permitting the write.
Same goes for /var. In the case of /home/<user> I would suggest limiting the size to maybe 5-10MB; for /var/log limiting it to 20-30MB, then see what happens. Note, there will be some issues as /var/log uses subdirectories and may have to be setup (this is what the overlayfs mounts do for you, but the filesystems have to be setup before the overlay can be done.

A reference to using overlayfs (it is a script specifically for raspbian):
https://gist.github.com/niun/34c945d70753fc9e2cc7
 
Old 10-28-2016, 07:23 AM   #12
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Original Poster
Rep: Reputation: 3
Wouldn't it be simpler and easier to just re-direct the creation of .Xauthority to /tmp? I get what you're saying but it feels like using a cannon to kill a fly. Too many changes to accommodate the creation of a single file. (2 if you consider the logs)

I mean surely there must be a way to tell xinit or startx to create the file in /tmp instead of ~/.Xauthority.

Edit: raspbian jessie
 
Old 10-28-2016, 08:00 AM   #13
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,907

Rep: Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510Reputation: 1510
Only by manually doing it, which you appear to have rejected.

If YOU use startx, then all you have to do is define/export the environment variable to startx.

Oh, and it is more than two log files involved. There is Xorg log files, auth log files, messages/journal ...

Not sure on Raspbian Jesse as it uses systemd. There ARE configurations of systemd that DO put the Xauthority elsewhere (not /tmp, as it is a shared directory, but in a per-user directory for credentials - I believe the Fedora release for ARM does this, and the Pi is supported, not sure about what is in the repository as I know it doesn't contain the same things that is in the x86-64 repository).

Last edited by jpollard; 10-28-2016 at 08:04 AM.
 
Old 10-28-2016, 10:24 AM   #14
aristosv
Member
 
Registered: Dec 2014
Posts: 215

Original Poster
Rep: Reputation: 3
I just said that startx starts automatically. I never said I reject starting it manually. So this is what I did.

- Removed lightdm, so no more login manager, and no more startx automatically on boot.
- Created a symbolic link of /var/log to /tmp, so log files can be written.
- Configured an unprivileged user to login automatically using /etc/systemd/system/getty@tty1.service.d/autologin.conf
- Added the XAUTHORITY variable and the startx command in /home/user/.profile.

Works like a charm.
Thanks for bearing with me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Raspbian GNU/Linux upgrade from Wheezy to Raspbian Jessie 8 LXer Syndicated Linux News 1 06-09-2016 12:12 PM
Trouble installing and running routersploit on raspbian nooobster Linux - Newbie 3 05-24-2016 05:23 AM
I need help running Nestopia on Raspbian ibz096 Linux - Games 1 06-05-2015 06:28 AM
LXer: Raspberry Pi Basics: installing Raspbian and getting it up and running LXer Syndicated Linux News 0 02-09-2015 01:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration