kdesu No X authentication

When running any program that requires root authorisation, nothing happens after typing in the password into kdesu. There is a delay, then kdesu disappears, then nothing.
Typing kdesu yast2 into a konsole produces this output:

kdesu(6298)/kdesu (kdelibs) KDESu::KDESuPrivate::KCookie::getXCookie: No X authentication info set for display ":0" 
QProcess: Destroyed while process is still running.
kdesu(6298)/kdesu (kdelibs) KDESu::KDESuPrivate::KCookie::getXCookie: No X authentication info set for display ":0" 
QProcess: Destroyed while process is still running.

Typing yast2 as root from konsole gives me:


No protocol specified
y2controlcenter: cannot connect to X server :0

My xorg.conf


Section "Monitor"
        Identifier      "LVDS"
        Option          "PreferredMode" "1600x900"
EndSection


Section "Monitor"
        Identifier      "VGA-0"
        Option          "PreferredMode" "1280x1024"
        Option          "RightOf" "LVDS"
        Option          "Primary" "true"
EndSection

(It’s a laptop with a monitor attached)
The machine authenticates normal users by LDAP and uses NFS home dirs, which all work fine. Logging into a root session from kdm allows me to run yast and other programs

I can use yast from the commandline (the curses version), but it’s not quite as practical :wink:

Any help?

Forgot to say, its an openSUSE 12.3 machine, installed from a full DVD

Works for me.

What’s the output from


printenv | grep '[x0]'

Post the output with code tags. I’m guessing something is messed up in your environment variables.

Run:

xauth -b

That should fix it…

On 05/08/2013 08:46 PM, captain alge wrote:
> Logging into a root session from kdm allows me to
> run yast and other programs

should never do that! and having done so (even once) may be the cause
for your current problems.

always log into KDE as a simple user…then just click on the YaST
icon to launch it…and, it will ask you for the root password…

or, if you prefer you can launch a user terminal and issue


kdesu yast2

which will ask for the root pass and then launch the GUI version of
YaST…

if you have logged into KDE as root, or launched a user terminal and
then issued any version of su or sudo prior to the kdesu then you
have not followed the correct procedure, and should expect failure.


dd
http://tinyurl.com/DD-Caveat

But maybe you should explain what it does. Because basicaly it is a security isue.

I don’t think so, especially if you’re just running “xauth -b”.
OK, I forgot to add that you should then enter ‘q’ to quit it again.

From xauth’s man page:

   -b      This  option  indicates  that xauth should attempt to break any
           authority file locks before proceeding.  Use this  option  only
           to **clean up stale locks**.

I often had this problem in 11.3 or 11.4, I don’t know what caused it, but “xauth -b” fixed it for me each time. It cleans up locks that are left over by (buggy?) applications, in my understanding.

To be honest, I don’t really know what its implications are. But if you do, please explain why you think it’s a security issue…
I would be interested to know, honestly.

Thanks for all the replies,

@DenverD, of course, I was only proving that yast2 works

@wolfi323, no go, same problem

printenv:


DM_CONTROL=/var/run/xdmctlTERM=xterm
HISTSIZE=1000
GTK2_RC_FILES=/etc/gtk-2.0/gtkrc:/home/oliver.lee/.gtkrc-2.0-kde4:/home/oliver.lee/.gtkrc-2.0-qtengine:/home/oliver.lee/.gtkrc-2.0:/home/oliver.lee/.kde4/share/config/gtkrc-2.0
WINDOWID=73400346
SHELL_SESSION_ID=0bebf5af5c4d40008ecb1433b7916df6
NO_PROXY=localhost, 127.0.0.1
http_proxy=http://192.168.0.149:3128
LS_COLORS=no=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=41;33;01:ex=00;32:*.cmd=00;32:*.exe=01;32:*.com=01;32:*.bat=01;32:*.btm=01;32:*.dll=01;32:*.tar=00;31:*.tbz=00;31:*.tgz=00;31:*.rpm=00;31:*.deb=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.lzma=00;31:*.zip=00;31:*.zoo=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.tb2=00;31:*.tz2=00;31:*.tbz2=00;31:*.xz=00;31:*.avi=01;35:*.bmp=01;35:*.fli=01;35:*.gif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mng=01;35:*.mov=01;35:*.mpg=01;35:*.pcx=01;35:*.pbm=01;35:*.pgm=01;35:*.png=01;35:*.ppm=01;35:*.tga=01;35:*.tif=01;35:*.xbm=01;35:*.xpm=01;35:*.dl=01;35:*.gl=01;35:*.wmv=01;35:*.aiff=00;32:*.au=00;32:*.mid=00;32:*.mp3=00;32:*.ogg=00;32:*.voc=00;32:*.wav=00;32:
HOSTTYPE=x86_64
ftp_proxy=
SESSION_MANAGER=local/oli-top.leenet:@/tmp/.ICE-unix/945,unix/oli-top.leenet:/tmp/.ICE-unix/945
CONFIG_SITE=/usr/share/site/x86_64-unknown-linux-gnu
XDG_CONFIG_DIRS=/etc/xdg
CPU=x86_64
QT_IM_MODULE=xim
gopher_proxy=
KDE_SESSION_UID=1000
https_proxy=
COLORFGBG=15;0
XDG_SEAT=seat0
OSTYPE=linux
LS_OPTIONS=-N --color=tty -T 0
no_proxy=localhost, 127.0.0.1
XCURSOR_THEME=Oxygen_White
HTTP_PROXY=http://192.168.0.149:3128
MACHTYPE=x86_64-suse-linux
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-OOqdvpVlJ2,guid=c5f2adf20780ed14dae98a47518ab70c
XDG_RUNTIME_DIR=/run/user/1000
DISPLAY=:0

I just created a local user, using passwd authentication and a local home dir, kdesu worked fine
However, I also have another laptop running openSUSE 12.3, which uses kdesu fine and is set up identically. This one was installed from the KDE 32bit live cd though…

I get


XAUTHLOCALHOSTNAME= (my hostname/domain)

in the output of “printenv”. I’m not sure what puts it there, but it does seem to have something to do with X authentication.

Sorry, that was the output from printenv | grep ‘[x0]’

Full Printenv:


LESSKEY=/etc/lesskey.bin
XDG_VTNR=7
MANPATH=/usr/local/man:/usr/share/man
NNTPSERVER=news
SSH_AGENT_PID=878
KDE_MULTIHEAD=false
XDG_SESSION_ID=1
DM_CONTROL=/var/run/xdmctl
HOSTNAME=oli-top.leenet
XKEYSYMDB=/usr/X11R6/lib/X11/XKeysymDB
TERM=xterm
SHELL=/bin/bash
HOST=oli-top.leenet
HISTSIZE=1000
XDM_MANAGED=method=classic
PROFILEREAD=true
GTK2_RC_FILES=/etc/gtk-2.0/gtkrc:/home/oliver.lee/.gtkrc-2.0-kde4:/home/oliver.lee/.gtkrc-2.0-qtengine:/home/oliver.lee/.gtkrc-2.0:/home/oliver.lee/.kde4/share/config/gtkrc-2.0
KONSOLE_DBUS_SERVICE=:1.64
TMPDIR=/tmp
KONSOLE_PROFILE_NAME=Shell
GTK_RC_FILES=/etc/gtk/gtkrc:/home/oliver.lee/.gtkrc:/home/oliver.lee/.kde4/share/config/gtkrc
GS_LIB=/home/oliver.lee/.fonts
WINDOWID=54525978
MORE=-sl
XSESSION_IS_UP=yes
SHELL_SESSION_ID=928eefce3bb44000a19c46a7cdedaef8
GTK_MODULES=canberra-gtk-module
KDE_FULL_SESSION=true
NO_PROXY=localhost, 127.0.0.1
http_proxy=http://192.168.0.149:3128
USER=oliver.lee
JRE_HOME=/usr/lib64/jvm/jre
LS_COLORS=no=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=41;33;01:ex=00;32:*.cmd=00;32:*.exe=01;32:*.com=01;32:*.bat=01;32:*.btm=01;32:*.dll=01;32:*.tar=00;31:*.tbz=00;31:*.tgz=00;31:*.rpm=00;31:*.deb=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.lzma=00;31:*.zip=00;31:*.zoo=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.tb2=00;31:*.tz2=00;31:*.tbz2=00;31:*.xz=00;31:*.avi=01;35:*.bmp=01;35:*.fli=01;35:*.gif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mng=01;35:*.mov=01;35:*.mpg=01;35:*.pcx=01;35:*.pbm=01;35:*.pgm=01;35:*.png=01;35:*.ppm=01;35:*.tga=01;35:*.tif=01;35:*.xbm=01;35:*.xpm=01;35:*.dl=01;35:*.gl=01;35:*.wmv=01;35:*.aiff=00;32:*.au=00;32:*.mid=00;32:*.mp3=00;32:*.ogg=00;32:*.voc=00;32:*.wav=00;32:
XNLSPATH=/usr/share/X11/nls
HOSTTYPE=x86_64                                                                                                                                                                
QEMU_AUDIO_DRV=pa                                                                                                                                                              
SSH_AUTH_SOCK=/tmp/ssh-5I83NKYrdO8v/agent.822                                                                                                                                  
FTP_PROXY=                                                                                                                                                                     
ftp_proxy=                                                                                                                                                                     
FROM_HEADER=                                                                                                                                                                   
SESSION_MANAGER=local/oli-top.leenet:@/tmp/.ICE-unix/954,unix/oli-top.leenet:/tmp/.ICE-unix/954
CONFIG_SITE=/usr/share/site/x86_64-unknown-linux-gnu
PAGER=less
CSHEDIT=emacs
XDG_CONFIG_DIRS=/etc/xdg
MINICOM=-c on
DESKTOP_SESSION=default
PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games
MAIL=/var/spool/mail/oliver.lee
CPU=x86_64
QT_IM_MODULE=xim
JAVA_BINDIR=/usr/lib64/jvm/jre/bin
PWD=/home/oliver.lee
INPUTRC=/etc/inputrc
XMODIFIERS=@im=local
JAVA_HOME=/usr/lib64/jvm/jre
gopher_proxy=
KONSOLE_DBUS_WINDOW=/Windows/1
LANG=en_GB.UTF-8
KDE_SESSION_UID=1000
PYTHONSTARTUP=/etc/pythonstart
KONSOLE_DBUS_SESSION=/Sessions/1
HTTPS_PROXY=
https_proxy=
SSH_ASKPASS=/usr/lib/ssh/ssh-askpass
GPG_TTY=/dev/pts/1
AUDIODRIVER=pulseaudio
COLORFGBG=15;0
QT_SYSTEM_DIR=/usr/share/desktop-data
SHLVL=2
XDG_SEAT=seat0
HOME=/home/oliver.lee
OSTYPE=linux
KDE_SESSION_VERSION=4
ALSA_CONFIG_PATH=/etc/alsa-pulse.conf
SDL_AUDIODRIVER=pulse
LANGUAGE=
LESS_ADVANCED_PREPROCESSOR=no
LS_OPTIONS=-N --color=tty -T 0
no_proxy=localhost, 127.0.0.1
XCURSOR_THEME=Oxygen_White
HTTP_PROXY=http://192.168.0.149:3128
WINDOWMANAGER=/usr/bin/startkde
LESS=-M -I -R
G_FILENAME_ENCODING=@locale,UTF-8,ISO-8859-15,CP1252
LOGNAME=oliver.lee
MACHTYPE=x86_64-suse-linux
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-ukbY61TRRu,guid=b8937155682f63152e880b63518bc991
XDG_DATA_DIRS=/usr/share:/usr/share
LESSOPEN=lessopen.sh %s
USE_FAM=
WINDOWPATH=7
PROFILEHOME=
XDG_RUNTIME_DIR=/run/user/1000
DISPLAY=:0
QT_PLUGIN_PATH=/home/oliver.lee/.kde4/lib64/kde4/plugins/:/usr/lib64/kde4/plugins/
GTK_IM_MODULE=cedilla
XAUTHLOCALHOSTNAME=oli-top.leenet
LESSCLOSE=lessclose.sh %s %s
QT_IM_SWITCHER=imsw-multi
G_BROKEN_FILENAMES=1
COLORTERM=1
JAVA_ROOT=/usr/lib64/jvm/jre
_=/usr/bin/printenv

That one does have XAUTHLOCALHOSTNAME
Not sure if it’s my understanding that’s wrong, but setting domain name in yast appends it to the hostname, rather than setting the domainname
So in yast,
Hostname: oli-top
Domainname: leenet

But hostname at a terminal outputs
oli-top.leenet
And domainname outputs
(none)

Not sure if that’s relevant…

I’ll try using a NFS3 mount instead, see if that works…

I am not seeing any problem in your environment.

I guess that leaves it still a puzzle that you were having problems.

Interesting.

That happens here, too, though I had never noticed. It does not seem to cause problems.

I think domainname is supposed to be for the NIS domain, and doesn’t really matter if you are not running NIS (I am not). And, technically, the NIS domainname does not have to be the same as the Internet domain name. So Yast might actually be getting it right, and maybe Sun was getting it wrong.

You could also try:

sudo rm ~/.Xauthority /root/.Xauthority

See here: sudo - How to fix gksu / kdesudo? kdesudo(2831) KDESu::KDESuPrivate::KCookie::getXCookie: No X authentication info set for display “:0” - Ask Ubuntu

The nfs3 mount did not work, neither did a complete reinstall using a KDE 64bit live cd nor sudo rm ~/.Xauthority /root/.Xauthority

However, as per https://bugs.launchpad.net/ubuntu/+source/kdesudo/+bug/144722, running
xhost +
allows kdesu to function normally for that session (untill restart), but not from the command line…
ie, running yast from the graphical menu works

running
kdesu yast
does not, outputting:


kdesu(6298)/kdesu (kdelibs) KDESu::KDESuPrivate::KCookie::getXCookie: No X authentication info set for display ":0"
QProcess: Destroyed while process is still running.
kdesu(6298)/kdesu (kdelibs) KDESu::KDESuPrivate::KCookie::getXCookie: No X authentication info set for display ":0"
QProcess: Destroyed while procoss is still running.

but then hangs…

any help?

Try a new user and see if they have the same problem. There may be other files owned by root in your home

~/.IceAuthority as well as ~/Xauthority can get re-owned if you log into a GUI as root.

A fresh try.

When I use “kdesu”, I see that it sets up a temporary “xauth” file to authenticate X-connections, as in:


XAUTHORITY=/tmp/xauth.XXXXvAlKVp

Is there anything that prevents root from writing to “/tmp”?. For example, is “/tmp” full (no space left).

Note: to get that XAUTHORITY information, I did:


kdesu xterm -e bash &

and then I used “printenv” in the bash shell for the new xterm window that opened as a result.

As best I can tell from a quick scan, the environment is mostly from my normal environment, with that XAUTHORITY being an exception.

All files in home should be owned by the user NOT root.

Try a different user

After updating the server that hosted the LDAP and NFS servers to Debian 7, kdesu seems to be working normally

Thanks for the help all, sorry I can’t debug this any further

You never mentioned the you had LDAP hosted on a separate machine. That was a very important piece of information to keep to yourself. LOL