unable to run a graphical app via cron

English Applications
1

in luckybackup i schedule a job this add a job in cron
env DISPLAY=:0 /usr/bin/luckybackup …

task is well launched at the expected time but no gui and no execution of the backup
i must terminate luckybackup with terminate command.

log of luckybackup

Invalid MIT-MAGIC-COOKIE-1 key
No protocol specified
No protocol specified
No protocol specified

No protocol specified
No protocol specified
No protocol specified

same problem with kate or with another user

see these tests i made to discover where is the problem
https://sourceforge.net/p/luckybackup/discussion/873563/thread/0f421f90/?limit=25#46bc

2

You are troddingin a mine field.

When you start a GUI program from the background (cron or other), there is no guarantee whatsoever that a GUI is running in the first place (or do you expect the background program to start X (when not running) and then log in in the Display Manager?).

OTOH there may be already a running GUI session, but there may even be more then one. So which one to choose? You tried to solve that by specifying the session to be used (DISPLAY=:0), but are you sure that session is the correct one? In any case your program (luckybackup) can not “lnow this”.

And even when all this is by incident working together, the owner of the running session on DISPLAY=:0 has the final saying. You can not without approval og the owner of a session open windows on a session from outside. That would be a huge security hole. that would e.g.allow anybody to trace all keyboard srokes from outside (remember that basically that outside program may even run on another system and try to use the GUI session over the network).
For that the GUI session owner can allow outside host/user combinations to use his GUI. Earlier there was the tool xhosts for this, but it isn’t available in todays openSUSE. Most probably because of security.

I think you should think over the implications of what you want: allowing a program to open a window on a session where that program is not running from, on in a multi-user and multi-session operating system like Linux.

3

For many years i used cron to start luckybackup without no problem and without any action from me about any security feature thus with default opensuse security.

suddenly since 2017 12 14 i have got this problem.

4

I don’t use lucky backup,
And, your referenced thread is confusing… one moment your backup is working, next it’s not. Or is it actually working?

In any case,
I noticed the person assisting you described using the “xhost +” command for X11 access control, and you should know that some serious flaws were discovered or more accurately re-evaluated late last year… So, it’s possible or likely that if lucky backup relies on the “xhost +” command anywhere, it might not work the same today (or shortly) as it has in the past. You should find some info on this with a simple Internet search.

I don’t know why a backup cron job should need to launch a graphical window, practically every graphical app on Linux can be run entirely in non-graphical mode.

HTH but obviously not able to offer anything solid,
TSU

5
  • manual backup : OK
  • headless cron job : OK
  • graphical cron Job : Fail

why using a graphical cron job ?

  • receive notification when job start
  • receive notification when job finished with a report saying “no problem” or “problem”
  • during backup there is a luckybackup icon in the systray. i can click on it to watch backup running

I assume 2017 12 14 there were an update of sddm. this the cause of the problem.

if you search modifiction journal with yast you find this:

| jeu. 14 déc. 2017 13:00:00 CET
|
| fabian@ritter-vogt.de
| - Update to 0.17.0:

  • Added possibility to change border width of ComboBox widget.
  • Added missing utmp/wtmp/btmp handling.
  • Make greeter see icons set by AccountsServices.
  • Fix sddm.conf man page syntax error and update.
  • Fix ComboBox widget.
  • Fix connection of PropertiesChanged event for LogindSeat.
  • Avoid race conditions with Xsetup.
  • Update de translation.
  • Update lt translation.
  • Update zh_TW translation.
  • Adjust order of components in the default PATH.
  • Set default input method to qtvirtualkeyboard.
  • Update to 0.16.0:
    • Support non-latin characters in theme settings.
    • Support fish shell in Xsession and wayland-session.
    • Unlock GNOME keyring at login.
    • Configuration directory.
    • Make the default cursor themed.
    • Update date and time in elarun theme.
    • Fix theme metadata default values.
    • Fix session selection in elarun.
    • Do not truncate XAUTHORITY on login.
    • Make enabled property of Button functional.
    • Fix typos in documentation.
    • Re-use existing sessions.
    • Add ConsoleKit 2 support.
    • Stop assuming shadow(5) is always available.
    • Explicitely set XDG_SEAT when starting a user session.
    • Suppress errors when pam_elogind is not available.
    • Suppress errors when pam_systemd is not available.
    • Added possibility to change color of dropdown menu.
    • Add Hindi translation.
    • Completed Swedish translation.
    • Update French translation.
  • Move to system configuration dirs, replace sddm.conf with
    00-general.conf and 10-theme.conf
  • Refresh patches:
    • 0001-Revert-Rename-XDisplay-and-WaylandDisplay-config-sec.patch
    • proper_pam.diff
  • Rename patches:
    • sysconfig-support.patch:
      0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
    • create_pid_file.patch:
      0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch
  • Remove patches, now upstream:
    • 0001-Do-not-truncate-XAUTHORITY-file-on-login.patch
      |

i note this :

jeu. 14 déc. 2017 13:00:00

  • Do not truncate XAUTHORITY on login.
  • Remove patches, now upstream:
    • 0001-Do-not-truncate-XAUTHORITY-file-on-login.patch

and perhaps others i can’t recognized because i am not a techie person about this problem

something has changed about managing authorization of X

6

This guide provides a good overview
openSUSE: X Window System and X AuthenticationAs Tsu pointed out xhost authentication has some security issues, so not advisable. In any case the following can be done to grant X-server access to a root-owned process running outside of X.

xhost +si:localuser:root

As a test, I then changed to a VT (CTRL+ALT+F3) and was able to start a graphical app from tty3 using

# env DISPLAY=:0 /path/to/graphical-utility

When I went back to tty7, there it was running.

I then revoked these rights with ‘xhost -si:localuser:root’ and used Xauthority instead. This has to pertain to the user that has an active X-session already of course…

export XAUTHORITY=/home/dean/.Xauthority; env DISPLAY=:0 /path/to/graphical-utility
7

@deano_ferrari

i never used xhost command to solve problem only for debugging.

i will test your solution , thanks

8

@deano_ferrari

your solution does not work

see journal :

Jan 16 11:49:07 linux-58nc crontab[4705]: (roubach) LIST (roubach)
Jan 16 11:49:07 linux-58nc crontab[4706]: (roubach) REPLACE (roubach)
Jan 16 11:49:07 linux-58nc crontab[4707]: (roubach) LIST (roubach)
Jan 16 11:49:18 linux-58nc crontab[4829]: (roubach) LIST (roubach)
Jan 16 11:50:01 linux-58nc cron[2754]: (roubach) RELOAD (/var/spool/cron/tabs/roubach)
Jan 16 11:50:23 linux-58nc su[4853]: The gnome keyring socket is not owned with the same credentials as the user login: /run/user/1000/keyring/control
Jan 16 11:50:23 linux-58nc su[4853]: gkr-pam: couldn’t unlock the login keyring.
Jan 16 11:50:23 linux-58nc su[4853]: (to root) roubach on pts/0
Jan 16 11:50:23 linux-58nc su[4853]: pam_unix(su-l:session): session opened for user root by roubach(uid=1000)
Jan 16 11:50:23 linux-58nc su[4853]: pam_systemd(su-l:session): Cannot create session: Already running in a session

in luckybackup log :

Invalid MIT-MAGIC-COOKIE-1 keyNo protocol specified
qt.qpa.screen: QXcbConnection: Could not connect to display :0
Could not connect to any X display.

9

i uninstalled gnome keyring because skype uses libresecret now.

thus we get something less complicated :

Jan 16 12:41:01 linux-58nc CRON[4463]: (roubach) CMD (env DISPLAY=:0 /usr/bin/luckybackup --silent --skip-critical /home/roubach/.luckyBackup/profiles/default.profile > /home/roubach/.luckyBackup/logs/default-LastCronLog.log 2>&1)
Jan 16 12:41:01 linux-58nc CRON[4461]: pam_unix(crond:session): session closed for user roubach
Jan 16 12:43:21 linux-58nc su[4542]: (to root) roubach on pts/0
Jan 16 12:43:21 linux-58nc su[4542]: pam_unix(su-l:session): session opened for user root by roubach(uid=1000)
Jan 16 12:43:21 linux-58nc su[4542]: pam_systemd(su-l:session): Cannot create session: Already running in a session

10

luckybackup support found the solution :

0 12 * * * env DISPLAY=:0 XAUTHORITY=/tmp/xauth-1000-_0 /usr/bin/luckybackup …

11

Hi!
I have same trouble, but your solution doesn’t work fo me (openSUSE Tumbleweed.).

I get this error when i run cron-task from gui:

Invalid MIT-MAGIC-COOKIE-1 keyNo protocol specified
qt.qpa.screen: QXcbConnection: Could not connect to display :0
Could not connect to any X display.
qt.qpa.plugin: Could not load the Qt platform plugin “xcb” in “” even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: wayland-org.kde.kwin.qpa, eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

12

i have found the solution.

I ran the: env | grep -e DISPLAY -e AUTHORITY and get XAUTHORITY=/home/bonifacio/.Xauthority

with this commnand cron works well:

env DISPLAY=:0 XAUTHORITY=/home/bonifacio/.Xauthority /path-to-script …

Thanks!

13

try to contact lucky backup help by creating a discussion.
https://sourceforge.net/p/luckybackup/discussion/873563/

14

yes but at next sddm update good setting will be " env DISPLAY=:0 XAUTHORITY=/tmp/xauth-1000-_0 /usr/bin/luckybackup …"

i experiment this pb without ending. now i use leap 15.0. there is no more problem if sddm is updated.

15

Problem still here…
When I run cron test from gui it works fine. But sheduled task doesn’t show kdialog!

And I get following message:

Invalid MIT-MAGIC-COOKIE-1 keyNo protocol specified
/home/bonifacio/popupfreespace.sh: строка 11: 24099 Аварийный останов (стек памяти сброшен на диск) kdialog --title ‘root space & memoty info.’ --passivepopup “$v $mem” 60

16

Finally i have found the solution!

I added “xauth +” command and cron shows dialogs.

17

for more security i’ve executed command: xhost local:root

18

Just an IMO comment…

All the reasons given for having to execute luckybackup in graphical mode eg notifications) don’t hold water.
There are many examples where apps have both a graphical and command line interface, and when the interface is separated from the functionality, it’s trivial to invoke whatever you wish. The key of course for the application to be properly written in modular form and separating the UI from functionality.

Since this issue about having to run xhost+ has come up a few times,
This is a big sign that luckybackup should be looking at whether they should be looking at refactoring their codebase.
One day, even these workarounds may not exist because of the security risks they introduce.

IMO
TSU

19

Hi
Consider investigating the use of Xvfb…

20

I’m running Leap 15.0.
Somewhere around 17th November 2018 my user crontab script calling kdialog stopped working with the message:

Could not connect to any X display

Thanks to the entries in this topic it now works again.

I have now changed the crontab entry to:

15 19 * * * /home/$USER/script/remind.sh

and the line in remind.sh:

export XAUTHORITY=/home/$USER/.Xauthority; env DISPLAY=:0 /usr/bin/kdialog --msgbox  ...

So with thanks to the contributors to this thread this works for me, but I don’t understand why it stopped working.
I’m posting this as I had trouble finding a solution with crontab and kdialog in it and maybe it will help someone.

Best wishes

John