Bug 1213452 - Xauthority with sudo strange on Tumbleweed 20230712
Summary: Xauthority with sudo strange on Tumbleweed 20230712
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem (show other bugs)
Version: Current
Hardware: x86-64 openSUSE Tumbleweed
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Otto Hollmann
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-19 07:22 UTC by Dr. Werner Fink
Modified: 2024-05-16 14:52 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dr. Werner Fink 2023-07-19 07:22:52 UTC 
Something has changed for Xauthority and sudo ... 

 echo $XAUTHORITY 
 /tmp/xauth_iXHnaZ

 sudo -i
 noether:~ # echo $DISPLAY 
 :0
 noether:~ # xauth list
 noether:~ # xauth:  timeout in locking authority file /tmp/xauth_iXHnaZ

... root should use a *copy* of 

... even is the locks had been removed ... xauth does not show anything for root which makes it impossible to use X as root with `sudo -i`

... btw: su works

 su
 Password: 
 noether:readline # xauth -i list
 noether/unix:0  MIT-MAGIC-COOKIE-1  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 #ffff##:0  MIT-MAGIC-COOKIE-1  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

this bug is related to boo#1212932
Comment 1 Fabian Vogt 2023-07-19 07:29:56 UTC 
su probably works because of pam_xauth, with sudo this doesn't work and you just get $XAUTHORITY forwarded: https://github.com/linux-pam/linux-pam/issues/22
Comment 2 Dr. Werner Fink 2023-07-19 07:37:09 UTC 
(In reply to Fabian Vogt from comment #1)
> su probably works because of pam_xauth, with sudo this doesn't work and you
> just get $XAUTHORITY forwarded:
> https://github.com/linux-pam/linux-pam/issues/22

On leap 15.4 it simply works

 sudo -i
 xauth list | wc -l
 2
 echo $XAUTHORITY 
 /run/sddm/{7cb6d09c-857c-4a94-8ec3-496729557fd3}

that was the reason for my guess that this might depend on  boo#1212932
Comment 3 Fabian Vogt 2023-07-19 08:13:44 UTC 
(In reply to Dr. Werner Fink from comment #2)
> (In reply to Fabian Vogt from comment #1)
> > su probably works because of pam_xauth, with sudo this doesn't work and you
> > just get $XAUTHORITY forwarded:
> > https://github.com/linux-pam/linux-pam/issues/22
> 
> On leap 15.4 it simply works
> 
>  sudo -i
>  xauth list | wc -l
>  2
>  echo $XAUTHORITY 
>  /run/sddm/{7cb6d09c-857c-4a94-8ec3-496729557fd3}

That's actually yet another $XAUTHORITY: The one used by the greeter. The actual X session uses one in $XDG_RUNTIME_DIR/xauth_XXXXXX

> that was the reason for my guess that this might depend on  boo#1212932
Comment 4 Dr. Werner Fink 2023-07-19 08:35:47 UTC 
(In reply to Fabian Vogt from comment #3)

> 
> That's actually yet another $XAUTHORITY: The one used by the greeter. The
> actual X session uses one in $XDG_RUNTIME_DIR/xauth_XXXXXX
> 
> > that was the reason for my guess that this might depend on  boo#1212932

Currently it does not as boo#121932 mentions it
Comment 5 Petr Gajdos 2024-05-16 14:52:44 UTC 
As confirmed with Valentin and Werner, this is solved in sudo by resolving
https://github.com/linux-pam/linux-pam/issues/22
.

https://www.sudo.ws/repos/sudo/rev/2c6fef0107c8