Re: lug-bg: startx [was: Problem s Xsevera]
- Subject: Re: lug-bg: startx [was: Problem s Xsevera]
- From: danchev@xxxxxxxxx (George Danchev)
- Date: Tue, 9 Jul 2002 19:21:03 +0300
On Tuesday 09 July 2002 17:53, ßñåí Ïðàìàòàðîâ wrote:
> On Tue, Jul 09, 2002 at 03:33:47PM +0300, George Danchev wrote:
>
> >òàì å ðàáîòàòà ÷å íå ïîìíÿ íÿêúäå äà ñúì ïðî÷åë òîâà â
> >/usr/share/doc/xserver-* . ðåøèõ òàêà (ìîæå äà ãðåøà, ðàçáèðà ñå) ñëåä
> >ñëåäíèÿ òåñò: èçêîïèðàõ âñè÷êè ôàéëîâå íà root â home-a íà åäèí ïîòðåáèòåë
> >
(çà äà íå ïðîïóñíà íåùî êîåòî ã èìà ñàìî root), ïðîìåíèõ ñîáñòâåíîñòòà,
> > âêë è íà ~.Xauthority. ïðîìåíèõ ïðàâàòà òàêà ÷å âñè÷êè äà ìîãàò äà ïèøàò
> > â /var/log/Xfree86.log. Â /etx/X11/Xwrapper.config* ñëàãàõ çà
> >allowed_user=console è all ...
>
>
> Àìè íå ðàçáèðàì ìíîãî çàùî ãî ïðàâèø...
ÎÊ, ñåãà ùå òè îáÿñíÿ çàùî ;-)
(òîâà ìîæå è äà å å debian specific, ìîæå è äà íå å)
# man Xwrapper.config
NAME
Xwrapper.config - configuration options for X server wrapper
DESCRIPTION
/etc/X11/Xwrapper.config contains a set of flags that determine some
of the behavior of Debian's X server wrapper, which is installed on the
system as /usr/X11R6/bin/X. The purpose of the wrapper, and of this
configuration file, is twofold.
Firstly, it is intended to implement sound security practices.
Since the X server requires superuser privileges, it may be unwise to permit
just any user on the system to execute it. Even if the X server is not
exploitable in the sense of permitting ordinary users to gain elevated
privileges, a poorly-written or insufficiently-tested hardware driver for the
X server may cause bus lockups and freeze the system, an unpleasant
experience for anyone using it at the time.
Secondly, a wrapper is a convenient place to set up an execution
environment for the X server distinct from the configurable parameters of the
X server itself.
Xwrapper.config may be edited by hand, but it is typically configured
via debconf, the Debian configuration tool. The X server wrapper is part
of the xserver-common Debian package, therefore the parameters of
Xwrapper.config may be changed with the command dpkg-reconfigure
xserver-common. See dpkg-reconfigure(8) for more information.
The format of Xwrapper.config is a text file containing a series of
lines of the form
name=value
where name is a variable name containing any combination of numbers,
letters, or underscore (_) characters, and value is any combination of
letters, numbers, underscores (_), dashes (-). value may also contain
spaces as long as there is at least one character from the list above
bounding the space(s) on both sides. Whitespace before and after name,value,
or the equals sign is legal but ignored. Any lines not matching the above
described legal format are ignored. Note that this specification may change
as the X server wrapper develops.
Available options are:
allowed_users
may be set to one of the following values: rootonly, console,
anybody. "rootonly" indicates that only the root user may start the X
server; "console" indicates that root, or any user whose controlling TTY is a
virtual console, may start the X server; and "anybody" indicates that any
user may start the X server.
nice_value
may be any integer in the interval [-20,19]. This is used to
set the executing X server's process priority. See nice(1).
SEE ALSO
dpkg-reconfigure(8), nice(1)
AUTHOR
This manpage was written by Branden Robinson for Progeny Linux
Systems, Inc., and Debian GNU/Linux.
Debian GNU/Linux 6 Jan 2001
Xwrapper.config(5)
> $adduser test
> [.... tintiri-mintiri, prostotii...]
> -> òîâà, êîåòî ìè å êîïèðàëî îò /etc/skel, ðàçëè÷íî îò .mc, .fluxbox è
> íÿêîè êîíôèãóðàöèè - muttrc, gtkrc, bashrc è ò.í. å ".xsession". Íî è íåãî
> íà
ðúêà ñúì êîïèðàë â skel...
>
> Èçëèçàì â íîâà êîíçîëà..., ïðîáâàì....
> wishmaster login: test
> Password:
> [....tintiri-....;)]
> test@wishmaster:~$ startx
>
> ðàáîòè ñè... òðúãâà Õ, çàëåæäà ñå ìåíèäæúðà (çà 2-3 ñåêóíäè, fluxbox;))
> â Xwrapper.config íèùî íå å ïèïàíî â debconf section-à è allowed_user=
> console ñàìî, áåç "all"...
èìàõ ïðåäâèä anybody , è äà ñëàãà ñå ñàìî ïî åäíî èëè anybody, èëè rootonly
èëè console.
> Êîëêîòî äî .Xauthority, òîé íå ñå ëè ñúçäàâà îò ñàìèÿ Õ, çàùî èçîáùî ãî
> êîïèðàø îò /root?...
è X-ñà ñè ãî ãåíåðèðàùå ïðè startx, è âçåõ òîçè îò root è ìó ñìåíèõ
ñîáñòâåíîñòòà äà îïèòàì-> no luck ;-)
> > íî ïúê îò äðóãà ñòðàíà çíàì ÷å XFree86 òðÿáâà äà ïèøå â /dev/mem (íåùî
> >äîñòà îïàñíî) è çà òîâà òðÿáâà äà å suid root, òàêà ëè å íà íàèñòèíà ?
>
>
> Ìîÿò /usb/bin/X11/XFree86 ne e suid root. Íî X e suid è sgid root...
àì àíäæúê äå ;-) /usr/X11R6/bin/X å wrapper-a çà XFree86. Êàêòî è äà å àêî
èñêàø ïàê ìîæå äà äàäåø íà users äà ïóñêàò X-ñà, íî ïðè ìåí ñè ïðîäúëæàâà
ñàìî root äà ìîæå ÷ðåç startx, äðóãèòå ïðåç display manager ñàìî ñëåä
authentification, è ïîíå çà ñåãà íå ñúì ðàçáðàë çàùî å òàêà.
Åòî òóêà åäíà ïîäîáíà äèñêóñèÿ, íî òÿ êàñàå ñëó÷àÿ êîãàòî user å ñòàðòèðàë X
ñåñèÿ è ñå íóæäàå äà ñòàðòèðà ïðèëîæåíèå èçèñêâàùî root ïðèâèëåãèè, su.
http://lists.debian.org/debian-devel/2002/debian-devel-200207/msg00259.html
[ïèùå è çà .Xauthority]
Êàêòî è äà å ãà èìàì âðåìå ùå âèäÿ äà purge è ðåèíñòàëë íÿêîè ÷àñòè îò X-ñà
èëè öåëèÿ, ñåãà íå ìè ñå çàíèìàâà ;-)
--
Greets,
fr33zb1
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|