| View previous topic :: View next topic |
| Author |
Message |
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
 Posted: Wed Nov 26, 2014 8:03 pm Post subject: xauth: timeout in locking authority file and sudo [solved] |
 |
|
Greetings,
I have a user (userA) that runs a program and a bunch of users (groupA) that can execute that program. here are the scripts:
| Code: |
#!/bin/bash -x
XAUTH_ENTRY="$1"
echo "${USER} ${PWD} ${HOME}"
if [ -z "${XAUTH_ENTRY}" ]; then
logger "$(basename $0) [Error]: XAUTH_ENTRY variable is unset!"
exit 1
fi
xauth add ${XAUTH_ENTRY}
kdialog --dontagain myscript:nofilemsg --msgbox "this is a test!"
xauth remove $(echo ${XAUTH_ENTRY} | awk '{print $NF}') |
which is executed via sudo call as userA.
and the wrapper script:
| Code: |
#!/bin/bash -x
if [ -z "${DISPLAY}" ]; then
logger "$(basename $0) [Error]: not DISPLAY is set!".
exit 1
fi
XAUTH_ENTRY="$(xauth list ${DISPLAY})"
sudo -u userA ~userA/test/test.sh "${XAUTH_ENTRY}"
|
sudoers look like this:
| Code: |
%groupA ALL = (userA) NOPASSWD: /home/userA/test/test.sh
|
when I execute the wrapper from a user in groupA, I get this:
| Code: |
+ '[' -z :1 ']'
++ xauth list :1
+ XAUTH_ENTRY='NCC-5001-D/unix:1 MIT-MAGIC-COOKIE-1 xxxxx'
+ sudo -u userA /home/userA/test/test.sh 'NCC-5001-D/unix:1 MIT-MAGIC-COOKIE-1 xxxxx'
+ XAUTH_ENTRY='NCC-5001-D/unix:1 MIT-MAGIC-COOKIE-1 xxxxx'
+ echo 'dagg /home/dagg /home/dagg'
dagg /home/dagg /home/dagg
+ '[' -z 'NCC-5001-D/unix:1 MIT-MAGIC-COOKIE-1 xxxxx' ']'
+ xauth add NCC-5001-D/unix:1 MIT-MAGIC-COOKIE-1 xxxxx
xauth: timeout in locking authority file /home/dagg/.Xauthority
+ kdialog --dontagain myscript:nofilemsg --msgbox 'this is a test!'
No protocol specified
kdialog: cannot connect to X server :1
++ echo NCC-5001-D/unix:1 MIT-MAGIC-COOKIE-1 xxxxx
++ awk '{print $NF}'
+ xauth remove xxxxx
|
I assume that this happens because it gets executed by user dagg and not user userA.
any hints on why this doesn't get executed as user userA?
Thanks.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
Last edited by DaggyStyle on Sun Nov 30, 2014 6:31 pm; edited 1 time in total |
|
| Back to top |
|
 |
Chiitoo
Administrator
Joined: 28 Feb 2010
Posts: 2571
Location: Here and Away Again
|
| Posted: Thu Nov 27, 2014 2:57 pm Post subject: |
|
|
Teegrins,
I can't comment too much on the script(s), but the
| Code: | | xauth: timeout in locking authority file /home/dagg/.Xauthority |
is the same message that is displayed when doing something like
| Code: | | xauth extract - $DISPLAY |
as a user that doesn't have permission to do it.
So with that in mind, to me it looks more like it was run as a user other than dagg, since they can't read /home/dagg/.Xauthority, but I could be wrong!
_________________
Kindest of regardses. |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Thu Nov 27, 2014 10:12 pm Post subject: |
|
|
| Chiitoo wrote: | Teegrins,
I can't comment too much on the script(s), but the
| Code: | | xauth: timeout in locking authority file /home/dagg/.Xauthority |
is the same message that is displayed when doing something like
| Code: | | xauth extract - $DISPLAY |
as a user that doesn't have permission to do it.
So with that in mind, to me it looks more like it was run as a user other than dagg, since they can't read /home/dagg/.Xauthority, but I could be wrong! |
imho that exactly is the issue, thing is, I thought sudo will fix that for me but it isn't...
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
DaggyStyle
Watchman
Joined: 22 Mar 2006
Posts: 5909
|
| Posted: Sun Nov 30, 2014 6:30 pm Post subject: |
|
|
solved!
by bug was that in /etc/sudoers I had both USER and HOME set in Defaults env_keep.
removing them fixed the issue.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
| Back to top |
|
|
|
Other Things Gentoo
