Bug 1213452

Summary: Xauthority with sudo strange on Tumbleweed 20230712
Product: [openSUSE] openSUSE Tumbleweed Reporter: Dr. Werner Fink <werner>
Component: BasesystemAssignee: Otto Hollmann <otto.hollmann>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: fvogt, pgajdos, valentin.lefebvre
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Dr. Werner Fink 2023-07-19 07:22:52 UTC 
Something has changed for Xauthority and sudo ... 

 echo $XAUTHORITY 
 /tmp/xauth_iXHnaZ

 sudo -i
 noether:~ # echo $DISPLAY 
 :0
 noether:~ # xauth list
 noether:~ # xauth:  timeout in locking authority file /tmp/xauth_iXHnaZ

... root should use a *copy* of 

... even is the locks had been removed ... xauth does not show anything for root which makes it impossible to use X as root with `sudo -i`

... btw: su works

 su
 Password: 
 noether:readline # xauth -i list
 noether/unix:0  MIT-MAGIC-COOKIE-1  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 #ffff##:0  MIT-MAGIC-COOKIE-1  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

this bug is related to boo#1212932
Comment 1 Fabian Vogt 2023-07-19 07:29:56 UTC 
su probably works because of pam_xauth, with sudo this doesn't work and you just get $XAUTHORITY forwarded: https://github.com/linux-pam/linux-pam/issues/22
Comment 2 Dr. Werner Fink 2023-07-19 07:37:09 UTC 
(In reply to Fabian Vogt from comment #1)
> su probably works because of pam_xauth, with sudo this doesn't work and you
> just get $XAUTHORITY forwarded:
> https://github.com/linux-pam/linux-pam/issues/22

On leap 15.4 it simply works

 sudo -i
 xauth list | wc -l
 2
 echo $XAUTHORITY 
 /run/sddm/{7cb6d09c-857c-4a94-8ec3-496729557fd3}

that was the reason for my guess that this might depend on  boo#1212932
Comment 3 Fabian Vogt 2023-07-19 08:13:44 UTC 
(In reply to Dr. Werner Fink from comment #2)
> (In reply to Fabian Vogt from comment #1)
> > su probably works because of pam_xauth, with sudo this doesn't work and you
> > just get $XAUTHORITY forwarded:
> > https://github.com/linux-pam/linux-pam/issues/22
> 
> On leap 15.4 it simply works
> 
>  sudo -i
>  xauth list | wc -l
>  2
>  echo $XAUTHORITY 
>  /run/sddm/{7cb6d09c-857c-4a94-8ec3-496729557fd3}

That's actually yet another $XAUTHORITY: The one used by the greeter. The actual X session uses one in $XDG_RUNTIME_DIR/xauth_XXXXXX

> that was the reason for my guess that this might depend on  boo#1212932
Comment 4 Dr. Werner Fink 2023-07-19 08:35:47 UTC 
(In reply to Fabian Vogt from comment #3)

> 
> That's actually yet another $XAUTHORITY: The one used by the greeter. The
> actual X session uses one in $XDG_RUNTIME_DIR/xauth_XXXXXX
> 
> > that was the reason for my guess that this might depend on  boo#1212932

Currently it does not as boo#121932 mentions it
Comment 5 Petr Gajdos 2024-05-16 14:52:44 UTC 
As confirmed with Valentin and Werner, this is solved in sudo by resolving
https://github.com/linux-pam/linux-pam/issues/22
.

https://www.sudo.ws/repos/sudo/rev/2c6fef0107c8