[Bug 157748] Re: sudo X apps fails on NFS mounted homes

[jlp]

FYI, I think this used to work okay in 10.04, but fails in exactly the
same way as described above in 12.04.

Note, in 10.04, X was started by gdm and was passed a -auth argument that looked like this:
/var/run/gdm/auth-for-gdm-??????/database
when a user would log in, their XAUTHORITY environment variable was set to point to this same file.

On 12.04, X is started by lightdm with a -auth flag that looks like this:
/var/run/lightdm/root/:0
and when a user logs in, their XAUTHORITY environment variable points to /path/to/home/.Xauthority.

Obviously, in a NFS environment root on a local workstation doesn't have
access to the user's home directory, causing the problem.

With gdm, there appeared to be code in /etc/gdm/Init/Default to handle
setting the XAUTHORITY variable, and presumably gdm knew how to change
the ownership of the database file to the appropriate user when they
logged in.  lightdm doesn't appear to be as smart as gdm. :-(

I added the following code to my .bashrc file, which seems to work around the problem:
# try to work around Ubuntu 12.04 XAUTHORITY settings
# are we on the console *and* running lightdm *and* root?
if [ `id -u` -eq 0 ]; then
  if [ "$XAUTHORITY" == "$HOME/.Xauthority" ]; then
    if [ "$DISPLAY" == ":0" ]; then
      x_cmd=`ps guaxww | grep /usr/bin/X | grep -v grep`
      case "$x_cmd" in
        *lightdm*)
          XAUTHORITY=`echo $x_cmd | sed -e 's/^.*-auth //' | awk '{print $1}'`
          export XAUTHORITY
          ;;
      esac
    fi
  fi
fi

but it only works for interactive shells, so if I do "sudo bash" and
then run X programs, I'm good, but if I do "sudo xprogram", then it
still doesn't work.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/157748

Title:
  sudo X apps fails on NFS mounted homes

Status in “sudo” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: sudo

  With upgrade to gutsy, sudo and kdesu stopped working.

  user at localhost ~> sudo xterm
  Xlib: connection to ":0.0" refused by server
  Xlib: No protocol specified

  Warning: This program is an suid-root program or is being run by the root user.
  The full text of the error or warning message cannot be safely formatted
  in this environment. You may get a more descriptive message by running the
  program as a non-root user or by removing the suid bit on the executable.
  xterm Xt error: Can't open display: %s

  
  Note: The user's home is mounted via NFS (via default root_squash option). Moving it to a local directory makes the above work.
  Some analysis with strace (see trace below) showed that sudo tries to access the user's ~/.Xauthority file, but fails due to the restricted root access on the NFS share.
  This was working without problems on feisty, in exactly this configuration. For reasons of security it is probably needles to say that setting no_root_squash option on the NFS share is *no*`option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/157748/+subscriptions