sudo with problems

William Hooper whooper@freeshell.org
Wed Apr 23 13:49:00 2003


"Beerse, Corni" said:
>> -----Original Message-----
>> From: Uwe Dippel [mailto:udippel@yahoo.com]
>>
>> --- William Hooper <whooper@freeshell.org> wrote:
>>
>> > The error is coming from xauth, not VNC.
>>
>> > Is there a reason to use sudo over just using su?  The init scripts from
>> > both TightVNC and Red Hat (possibly more) use su without a problem.
>>
>> Sorry, here they don't.
>> I tried
>> [root@machine myuser]# su - myuser -c "vncserver :1"
>> xauth:  timeout in locking authority file /root/.xauthGPeKe5
>> xauth:  timeout in locking authority file /root/.xauthGPeKe5
>
> The `vncserver` script clearly uses the real-userid and the real user's home
> directory. Not the effective userid and the effective user's home directory.
> I would not regard this as a bug but a design option.

You miss the part that it works for other people, and in fact is used by
TightVNC and Red Hat in their scripts to start VNC as a service.  This is
not a "design option".

> To avoid this, don't use:
> `su - myuser -c "vncviewer"`
> but use:
> `rsh localhost -l myuser "vncviewer"`
> With that, you also change the real user id.

Assuming that rsh is installed and started.  I haven't checked, but I
would be surprised if that is the case with most Linux distros since
OpenSSH came around as a more secure way of doing things.

> Another way to avoid it is to remove the xauth security from the
> vncserver-script and use the -ac option to Xvnc to remove initial security.
> You can always add security on the fly with `xhost` and with `xauth`. See
> their manual pages for details.

This might be what Uwe wants to do for the time being.  Uwe, have you looked
at the VNC logs yet to see if they give a better description of the error?

-- 
William Hooper