Description of problem: After upgrading from FC4t2 to FC4t3, I am unable to open sudo-invoked root terminals in an X session. Version-Release number of selected component (if applicable): xorg-x11-6.8.2-30 gdm-2.6.0.8-12 sudo-1.6.8p8-1 How reproducible: Always Steps to Reproduce: 1. Login in X as normal (non-root) user 2. $ sudo /bin/su - root -c gnome-terminal Actual results: No root terminal opens. * shell output : Xlib: connection to ":0.0" refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key (gnome-terminal:22862): Gtk-WARNING **: cannot open display: * /var/log/gdm/:0.log output : AUDIT: Thu May 19 14:34:23 2005: 3820 X: client 36 rejected from local host Auth name: MIT-MAGIC-COOKIE-1 ID: -1 Expected results: A root gnome-terminal should open, as when invoking : $ /bin/su - root -c gnome-terminal Additional info: - This worked perfectly in FC3 and up to and including FC4t2 ; - SELinux is not enabled ; - please note that due to bug #158176, I am unable to strace the process.
Can you try commands: $ xauth info $ xauth list "$DISPLAY" $ sudo su - root -c "xauth info" $ sudo su - root -c set | grep XAUTHORITY BTW, I can reproduce it on FC3 by command: $ sudo su - root -c "unset XAUTHORITY; gnome-terminal" Xlib: connection to ":0.0" refused by server Xlib: No protocol specified (gnome-terminal:12431): Gtk-WARNING **: cannot open display: -- I have sudo-1.6.8p8-1 in FC3 and it works fine. I think there's probably a problem with sudo env reset or with PAM.
didier@dmbr042 ~$ xauth info Authority file: /home/didier/.Xauthority File new: no File locked: no Number of entries: 3 Changes honored: yes Changes made: no Current input: (argv):1 didier@dmbr042 ~$ xauth list "$DISPLAY" dmbr042.fvms.UGent.be/unix:0 MIT-MAGIC-COOKIE-1 a31e69866f1ee0da11db667fa59074de didier@dmbr042 ~$ sudo su - root -c "xauth info" Authority file: /root/.Xauthority File new: no File locked: no Number of entries: 1 Changes honored: yes Changes made: no Current input: (argv):1 didier@dmbr042 ~$ sudo su - root -c set | grep XAUTHORITY (last command returns nothing) pam versions : pam_ccreds-1-6 pam_smb-1.1.7-6 pam-0.79-8 pam_mount-0.9.24-1 pam_passwdqc-0.7.6-1 pam_krb5-2.1.5-1 pam-devel-0.79-8
It's bad, sudo su - root -c "xauth info" should be returns path to ~/didier. I have last question: can you try it without sudo? -- it means: su - root -c gnome-terminal (or su - -c "xauth info"). Thanks.
1. $ su - root -c gnome-terminal Works perfectly ; in the newly opened terminal : # xauth info Authority file: /root/.xauthqnPJHY File new: no File locked: no Number of entries: 1 Changes honored: yes Changes made: no Current input: (argv):1 # ls -al /root/.xauthqnPJHY -rw------- 1 root root 66 mei 19 14:12 /root/.xauthqnPJHY # xauth list "$DISPLAY" dmbr042.fvms.UGent.be/unix:0 MIT-MAGIC-COOKIE-1 a31e69866f1ee0da11db667fa59074de 2. $ su - -c "xauth info" Password: Authority file: /root/.xauthVqEQ7F File new: no File locked: no Number of entries: 1 Changes honored: yes Changes made: no Current input: (argv):1 # ls -al /root/.xauthVqEQ7F ls: /root/.xauthVqEQ7F: No such file or directory
I forgot, please send your '/etc/sudoers'.
Created attachment 114618 [details] /etc/sudoers
Created attachment 114765 [details] sudo strace As bug #158176 has been fixed in the latest kernel, I'm including an strace log of : $ sudo su - root -c "strace -o/root/gnome-terminal.strace -f gnome-terminal" Xlib: connection to ":0.0" refused by server Xlib: Invalid MIT-MAGIC-COOKIE-1 key (gnome-terminal:26591): Gtk-WARNING **: cannot open display:
This is known bug but it will be fixed after the FC4 release as a pam update.
The Bug is still pressent in FC4 release and should be updated.
Update to pam package in updates-testing (audit-libs update needed as well) which should resolve this issue.
Confirmed fixed in pam-0.79-9.1 ; thanks.