Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
doas issue, cannot open display: :0.0
View unanswered posts
View posts from last 24 hours
View posts from last 7 days

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 8:02 am    Post subject: doas issue, cannot open display: :0.0 Reply with quote

Hi,
Since my last weekly system update, I got an issue with doas, it seems that commands that use a GUI won't start, and complain about inability to open display.
Code:
krumpf@fractal ~ $ doas mousepad text_file
doas (krumpf@fractal) password:
Authorization required, but no authorization protocol specified


(mousepad:5621): Gtk-WARNING **: 08:38:39.533: cannot open display: :0.0

krumpf@fractal ~ $ doas -s
doas (krumpf@fractal) password:
fractal /home/krumpf # mousepad text_file
Authorization required, but no authorization protocol specified


(mousepad:5655): Gtk-WARNING **: 08:39:04.209: cannot open display: :0.0


It used to work like a charm, I didn't change any configuration file, making me wonder what the heck is going wrong.
If I use su to get root privileges, launching apps with a GUI gives no trouble.

Destkop is XFCE (no wayland here), drivers are nvidia 515.65.01, if additional infos are needed, let me know.
Back to top
View user's profile Send private message
alamahant
Advocate
Advocate


Joined: 23 Mar 2019
Posts: 3916

PostPosted: Fri Nov 25, 2022 10:35 am    Post subject: Reply with quote

Hi
Do you have
Code:

~/.Xauthority

file?
If not run
Code:

touch ~/.Xauthority

log out and back in.
_________________
:)
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 11:45 am    Post subject: Reply with quote

Yes, the .Xauthority file is present in my home folder, its timestamp shows it's been created when X server started.
Code:
-rw-------  1 krumpf  krumpf    52 25 nov.   12:32 .Xauthority

If, in a terminal, I login as root (either through doas or su), the .Xauthority is also present in root's home folder, same timestamp, but it shows a 0 byte size.
Code:
-rw-------  1 root root    0 25 nov.   12:32 .Xauthority


Edit : I discovered the xauth command and its results are inconsistent according to the way I'm logged into a terminal
As normal user
Code:
krumpf@fractal ~ $ xauth
Using authority file /home/krumpf/.Xauthority

As root through doas
Code:
fractal /home/krumpf # xauth
Using authority file /root/.Xauthority

As root through su
Code:
fractal /home/krumpf # xauth
Using authority file /root/.xauthGogBm1


3 different files for Xauthority, is that normal ? Could that be the cause of doas inability to open display :0.0 ?
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

PostPosted: Fri Nov 25, 2022 1:39 pm    Post subject: Reply with quote

I think it's perfectly fine that you cannot run X11 applications after changing users with doas.

It should also not be possible after changing users with su. That's why we have sux.

I'm not an X11 security expert. But it seems that you are/were able to run X11 applications after su or doas, because there's a security flaw on your machine.
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 4:21 pm    Post subject: Reply with quote

mike155 wrote:
I think it's perfectly fine that you cannot run X11 applications after changing users with doas.

It should also not be possible after changing users with su. That's why we have sux.

I'm not an X11 security expert. But it seems that you are/were able to run X11 applications after su or doas, because there's a security flaw on your machine.


Sounds weird to me :?
For years I've been using sudo mousepad on other distros without any trouble. There are even applications with GUI that actually require root privileges (e.g. gparted), and it never felt like there was a security flaw.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22578

PostPosted: Fri Nov 25, 2022 4:59 pm    Post subject: Reply with quote

For each of the working and non-working cases, check the value of the environment variables $DISPLAY, $XAUTHORITY. Check that $XAUTHORITY points to a file which is readable by the calling user, and is current. Historically, PAM configuration would pass through some of this state using pam_xauth.so. Perhaps that is no longer enabled for you.
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 6:32 pm    Post subject: Reply with quote

As regular user
Code:
krumpf@fractal ~ $ env | grep -E "DISPLAY|XAUTH"
XAUTHORITY=/home/krumpf/.Xauthority
DISPLAY=:0.0

-rw------- 1 krumpf krumpf 52 25 nov.   12:32 /home/krumpf/.Xauthority

Both env variables exists, and the .Xauthority file got created when X server started during my last boot.

As root through su
Code:
fractal ~ # env | grep -E "DISPLAY|XAUTH"
XAUTHORITY=/root/.xauthhJxC0v
DISPLAY=:0.0

-rw------- 1 root root 52 25 nov.   18:55 /root/.xauthhJxC0v

Both env variables exists, and the .xauthhJxC0v file got created when I got root privileges, and is destroyed when I quit the 'su' terminal.

As root through doas
Code:
fractal ~ # env | grep -E "DISPLAY|XAUTH"
DISPLAY=:0.0

-rw------- 1 root root 0 Nov 25 12:32 /root/.Xauthority

Here, $XAUTHORITY env variable doesn't seems to exist despite xauth command says it's using file /root/.Xauthority
and the /root/.Xauthority file feels weird: it's 0 byte, and its timestamp matches the X server starts.

Starting to think it could be a doas bug, I'll reinstall sudo and give it a try.
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 6:46 pm    Post subject: Reply with quote

Been reinstalling sudo, and it works, I can "sudo mousepad" and mousepad will launch.

So I guess it's a doas bug (or some incompatibility with pam), could anyone confirm ?
Back to top
View user's profile Send private message
irets
Apprentice
Apprentice


Joined: 17 Dec 2019
Posts: 228

PostPosted: Fri Nov 25, 2022 6:54 pm    Post subject: Reply with quote

Seems to be broken on my system too.
Code:
irets@navi ~ $ doas thunar
doas (irets@navi) password:
thunar: Failed to initialize Xfconf: Error spawning command line ?dbus-launch --autolaunch=8a768050c21c613b74502b3b602e71fe --binary-syntax --close-stderr?: Child process exited with code 1

Authorization required, but no authorization protocol specified


(thunar:5635): Gtk-WARNING **: 20:53:40.100: cannot open display: :0
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22578

PostPosted: Fri Nov 25, 2022 8:21 pm    Post subject: Reply with quote

xauth defaults to $HOME/.Xauthority if $XAUTHORITY is unset.

Do you have the pam configuration for doas set to use the pam_xauth.so module?
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 8:57 pm    Post subject: Reply with quote

The doas package provides a pam config file /etc/pam.d/doas
Code:
krumpf@fractal ~ $ cat /etc/pam.d/doas
#%PAM-1.0
auth            include         system-auth
account         include         system-auth
session         include         system-auth

but, should it be the reason for my issue, I got no idea about how to fix it.
Back to top
View user's profile Send private message
alamahant
Advocate
Advocate


Joined: 23 Mar 2019
Posts: 3916

PostPosted: Fri Nov 25, 2022 10:29 pm    Post subject: Reply with quote

Try adding
Code:

session    optional      pam_xauth.so


in doas pam file.
Do you get same error with sudo also?
This clause only appears in su and runuser pam files.
_________________
:)
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Fri Nov 25, 2022 10:58 pm    Post subject: Reply with quote

@alamahant
Added the line to the doas pam file, rebooted and... nope, it didn't change anything.
No errors with sudo.

Now, maybe I could try changing the "include" in doas pam file to "substack" (aka just copy/paste the sudo pam file),
as I understand it, both doas & sudo invoke the system-auth pam file
but right now, I'm starting to yawn, and in my experience it's usually not the best time to tweak system files, so I'll try tomorrow.
Back to top
View user's profile Send private message
alamahant
Advocate
Advocate


Joined: 23 Mar 2019
Posts: 3916

PostPosted: Fri Nov 25, 2022 11:19 pm    Post subject: Reply with quote

Try this
Code:

sudo rm /root/.xauth*
su -
mv /root/.xauthhxxxxx /root/.Xauthority
exit
doas mousepad .....

OR

su -
rm ~/.Xauthority
touch ~/.Xauthority
xauth generate :0 . trusted
xauth add ${HOSTNAME}:0 . $(xxd -l 16 -p /dev/urandom)

Or even better fully log as root from your DM.
_________________
:)
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22578

PostPosted: Sat Nov 26, 2022 2:02 am    Post subject: Reply with quote

Running a graphical session as root is strongly discouraged, since almost no programs should need it. Similarly, rather than renaming the random xauth file, set $XAUTHORITY to point to the file you wish to use.
Back to top
View user's profile Send private message
krumpf
Apprentice
Apprentice


Joined: 15 Jul 2018
Posts: 185

PostPosted: Sat Nov 26, 2022 11:55 am    Post subject: Reply with quote

So I tried replacing the doas pam file content with sudo one, and it didn't work.
Guess I'll use sudo for now, until I manage to understand the pam file syntax.
Back to top
View user's profile Send private message
sMueggli
Guru
Guru


Joined: 03 Sep 2022
Posts: 481

PostPosted: Sat Nov 26, 2022 2:33 pm    Post subject: Reply with quote

If you use "sudo" you do not need to run the graphical editor with elevated privileges.

You can set the environment variable
Code:
VISUAL=mousepad
and edit a file with
Code:
sudoedit /etc/fstab # as an example


The editor will then run with normal user privileges.
Back to top
View user's profile Send private message
ianisdo
n00b
n00b


Joined: 16 Jan 2021
Posts: 18
Location: Chisinau, Moldova Republic of

PostPosted: Thu Apr 11, 2024 8:51 am    Post subject: Reply with quote

bump, Im having the same issue
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum