xhost access control fails to add other users
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | x11-xserver-utils (Ubuntu) |
High
|
Unassigned | ||
Bug Description
Since 15.04 it is not possible to allow access control to a specific user.
Tested with the current xubuntu 15.04 live iso file, it is the same problem.
$ md5sum xubuntu-
586604cdb814f90
It can easily reproduced by adding another user:
sudo adduser user2
xhost +SI:localuser:user2
localuser:user2 being added to access control list
su user2
But it is sill not possible to start gui applications.
user2@xubuntu:~$ xclock
No protocol specified
Error: Can't open display: :0.0
user2@xubuntu:~$ /usr/bin/firefox
(process:3130): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
No protocol specified
No protocol specified
Error: cannot open display: :0.0
a workaround would be:
xhost +local:
non-network local connections being added to access control list
added apport-collect 1448431
---
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
CasperVersion: 1.360
CurrentDesktop: XFCE
DistroRelease: Ubuntu 15.04
LiveMediaBuild: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
Package: x11-xserver-utils 7.7+2ubuntu2
PackageArchitec
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_
LANG=de_DE.UTF-8
SHELL=/bin/bash
ProcVersionSign
Tags: vivid
Uname: Linux 3.19.0-15-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True
| asgard2 (kamp000x) wrote : Dependencies.txt | #1 |
| tags: | added: apport-collected vivid |
| description: | updated |
| description: | updated |
| tags: | added: access control xhost |
| Launchpad Janitor (janitor) wrote : | #3 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in x11-xserver-utils (Ubuntu): | |
| status: | New → Confirmed |
| Changed in x11-xserver-utils (Ubuntu): | |
| importance: | Undecided → High |
| ntfwc (ntfwc) wrote : | #4 |
I have used this functionality extensively, and wrote a few scripts to make it easier to run programs as other users. So I ran into this rather quickly on 15.04. As a workaround, you can use xauth instead. For example, as a script:
#!/bin/sh
OTHER_USER=user2
echo "Giving $OTHER_USER xauth key"
XAUTH_KEY=$(xauth list | grep $(uname -n) | sed -n '1,1p' | cut -d ' ' -f 5)
#If XAUTHORITY is set, it probably won't be a file writable by the other user
unset XAUTHORITY
sudo -Hu $OTHER_USER xauth add $DISPLAY . $XAUTH_KEY
sudo -Hu $OTHER_USER xclock
echo "Taking $OTHER_USER xauth key"
sudo -Hu $OTHER_USER xauth remove $DISPLAY


apport information