Red Hat Bugzilla – Bug 915498
su transfers XDG_RUNTIME_DIR while it probably shouldn't
Last modified: 2014-11-17 07:33:02 EST
Description of problem:
I guess XDG_RUNTIME_DIR should not be transferred when I log in as an another user using "su -". It points to a directory that is relevant to the UID, and of course it is writeable just by the owner.
I see some ugly messages when I try to run an application to uses dconf (gcalctool for example).
> kparal@kraken ~ $ id
> uid=1000(kparal) gid=1000(kparal) groups=1000(kparal),4(adm),10(wheel)
> kparal@kraken ~ $ echo $XDG_RUNTIME_DIR
> kparal@kraken ~ $ su - gamer
> [gamer@kraken ~]$ id
> uid=1002(gamer) gid=1002(gamer) groups=1002(gamer)
> [gamer@kraken ~]$ echo $XDG_RUNTIME_DIR
> [gamer@kraken ~]$ gcalctool
> ** (gcalctool:3674): CRITICAL **: unable to create directory '/run/user/1000/dconf': Permission denied. dconf will not work properly.
> (lots of these)
Version-Release number of selected component (if applicable):
For me this is a bit contrary to https://bugzilla.redhat.com/show_bug.cgi?id=912778 ... maybe I don't understand this correctly. Anyway - su moved to util-linux in F19/Rawhide... is it the same way there?
I'm not the expert in these matter, I can't really say what the right behavior should be. But it seems to me very weird to pass by variables that point to a location that can't be accessed. Especially when everything works correctly if you unset that variable.
I tested with util-linux-2.22-6.fc19.x86_64 and the behavior is the same. Should we reassign to Rawhide and util-linux?
Karel Zak (util-linux maintainer) is in CC here and this kind of behaviour is AFAIK caused by pam hooks (which is area of Tomas Mraz - not in CC yet). Let's keep it here and wait for Karel's opinion. We may move it or even just not a bug it... Can't say for sure at the moment.
One further note - with sudo there are no XDG variables passed by, just with su.
Bug #912778 talks about login shell but this bug talks about non-login shell (i.e. "su" vs. "su -l"). I wrote proposal how to deal with both bugs on https://bugzilla.redhat.com/show_bug.cgi?id=753882#c35
Adam, I actually talk about login shell as well ("su -"). After reading bug 753882 I think this one can be safely duped to it. It's basically the same problem. But I leave that decision for the more educated ones in this area.
Let's go with duplicate, I agree...
*** This bug has been marked as a duplicate of bug 753882 ***