Re: Bug#81397: [authorization] fails silently for normal users, cannot start server
On Sat, Jan 06, 2001 at 04:39:43PM -0200, Henrique M Holschuh wrote: > That mailing search stuff has some weird problems, yes. As for not being > written down anywhere, the postinst asks you about it. I think there is a > manpage for Xwrappers.config, but it's not installed in my system. There is. I forgot to add it to debian/xserver-common.files. I have now done so and it will appear in the next release. Thanks for pointing this out. In the meantime, I have MIME-attached it. To view it, use the following command: nroff -man whatever-you-save-it-as | pager -- G. Branden Robinson |Convictions are more dangerous enemies Debian GNU/Linux|of truth than lies. [EMAIL PROTECTED] |-- Friedrich Nietzsche http://www.debian.org/~branden/ | .\" This manpage is copyright (C) 2000 Progeny Linux Systems, Inc. .\" Author: Branden Robinson <[EMAIL PROTECTED]> .\" .\" This is free software; you may redistribute it and/or modify .\" it under the terms of the GNU General Public License as .\" published by the Free Software Foundation; either version 2, .\" or (at your option) any later version. .\" .\" This is distributed in the hope that it will be useful, but .\" WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with the Debian GNU/Linux system; if not, write to the Free .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA .\" 02111-1307 USA .TH Xwrapper.config 5 "17 Dec 2000" "Debian GNU/Linux" .SH NAME Xwrapper.config \- configuration options for X server wrapper .SH DESCRIPTION .I /etc/X11/Xwrapper.config contains a set of flags that determine some of the behavior of Debian's X server wrapper, which is installed on the system as .IR /usr/X11R6/bin/X . The purpose of the wrapper, and of this configuration file, is twofold: firstly, to implement sound security practice. Since the X server requires superuser privileges, it may be unwise to permit just any user on the system to execute it. Even if the X server is not exploitable in the sense of permitting ordinary users to gain elevated privileges, a poorly-written or insufficiently-tested hardware driver for the X server may cause bus lockups and freeze the system, an unpleasant experience for anyone using it at the time. .PP Secondly, a wrapper is a convenient place to set up an execution environment for the X server distinct from the configurable parameters of the X server itself. .PP .B Xwrapper.config may be edited by hand, but it is typically configured via debconf, the Debian configuration tool. The X server wrapper is part of the .I xserver-common Debian package, therefore the parameters of .B Xwrapper.config may be changed with the command .IR "dpkg-reconfigure xserver-common" . See .IR dpkg-reconfigure (8) for more information. .PP The format of .B Xwrapper.config is a text file containing a series of lines of the form .TP .IR name = value .PP where .I name is a variable name containing any combination of numbers, letters, or underscore (_) characters, and .I value is any combination of letters, numbers, underscores (_), dashes (-). .I value may also contain spaces as long as there is at least one character from the list above bounding the space(s) on both sides. Whitespace before and after .IR name , value , or the equals sign is legal but ignored. Any lines not matching the above described legal format are ignored. Note that this specification may change as the X server wrapper develops. .PP Available options are: .IP allowed_users may be set to one of the following values: .BR rootonly , console , anybody . "rootonly" indicates that only the root user may start the X server; "console" indicates that root, or any user whose controlling TTY is a virtual console, may start the X server; and "anybody" indicates that any user may start the X server. .IP nice_value may be any integer in the interval [-20,20]. This is used to set the executing X server's process priority. See .IR nice (1). .SH SEE ALSO .IR dpkg-reconfigure (8), .IR nice (1) .SH AUTHOR This manpage was written by Branden Robinson for Progeny Linux Systems, Inc., and Debian GNU/Linux. pgpEZ0pYJW2CI.pgp Description: PGP signature
Re: Bug#81397: [authorization] fails silently for normal users, cannot start server
On Sat, Jan 06, 2001 at 04:39:43PM -0200, Henrique M Holschuh wrote: > That mailing search stuff has some weird problems, yes. As for not being > written down anywhere, the postinst asks you about it. I think there is a > manpage for Xwrappers.config, but it's not installed in my system. There is. I forgot to add it to debian/xserver-common.files. I have now done so and it will appear in the next release. Thanks for pointing this out. In the meantime, I have MIME-attached it. To view it, use the following command: nroff -man whatever-you-save-it-as | pager -- G. Branden Robinson |Convictions are more dangerous enemies Debian GNU/Linux|of truth than lies. [EMAIL PROTECTED] |-- Friedrich Nietzsche http://www.debian.org/~branden/ | .\" This manpage is copyright (C) 2000 Progeny Linux Systems, Inc. .\" Author: Branden Robinson <[EMAIL PROTECTED]> .\" .\" This is free software; you may redistribute it and/or modify .\" it under the terms of the GNU General Public License as .\" published by the Free Software Foundation; either version 2, .\" or (at your option) any later version. .\" .\" This is distributed in the hope that it will be useful, but .\" WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with the Debian GNU/Linux system; if not, write to the Free .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA .\" 02111-1307 USA .TH Xwrapper.config 5 "17 Dec 2000" "Debian GNU/Linux" .SH NAME Xwrapper.config \- configuration options for X server wrapper .SH DESCRIPTION .I /etc/X11/Xwrapper.config contains a set of flags that determine some of the behavior of Debian's X server wrapper, which is installed on the system as .IR /usr/X11R6/bin/X . The purpose of the wrapper, and of this configuration file, is twofold: firstly, to implement sound security practice. Since the X server requires superuser privileges, it may be unwise to permit just any user on the system to execute it. Even if the X server is not exploitable in the sense of permitting ordinary users to gain elevated privileges, a poorly-written or insufficiently-tested hardware driver for the X server may cause bus lockups and freeze the system, an unpleasant experience for anyone using it at the time. .PP Secondly, a wrapper is a convenient place to set up an execution environment for the X server distinct from the configurable parameters of the X server itself. .PP .B Xwrapper.config may be edited by hand, but it is typically configured via debconf, the Debian configuration tool. The X server wrapper is part of the .I xserver-common Debian package, therefore the parameters of .B Xwrapper.config may be changed with the command .IR "dpkg-reconfigure xserver-common" . See .IR dpkg-reconfigure (8) for more information. .PP The format of .B Xwrapper.config is a text file containing a series of lines of the form .TP .IR name = value .PP where .I name is a variable name containing any combination of numbers, letters, or underscore (_) characters, and .I value is any combination of letters, numbers, underscores (_), dashes (-). .I value may also contain spaces as long as there is at least one character from the list above bounding the space(s) on both sides. Whitespace before and after .IR name , value , or the equals sign is legal but ignored. Any lines not matching the above described legal format are ignored. Note that this specification may change as the X server wrapper develops. .PP Available options are: .IP allowed_users may be set to one of the following values: .BR rootonly , console , anybody . "rootonly" indicates that only the root user may start the X server; "console" indicates that root, or any user whose controlling TTY is a virtual console, may start the X server; and "anybody" indicates that any user may start the X server. .IP nice_value may be any integer in the interval [-20,20]. This is used to set the executing X server's process priority. See .IR nice (1). .SH SEE ALSO .IR dpkg-reconfigure (8), .IR nice (1) .SH AUTHOR This manpage was written by Branden Robinson for Progeny Linux Systems, Inc., and Debian GNU/Linux. PGP signature
[authorization] fails silently for normal users, cannot start server
Package: xserver-xfree86 Version: 4.0.1-9 Severity: important When I try to start X server as a user, the X server complains that the authorization has failed and terminates. Likewise when trying to login from gdm (tried other display managers, too) I can't paste anything now but as far as I can summarize: from auth.log, a message like PAM_unix[...]: authentication failure; (uid=0) -> exa for gdm service exa is a normal user here, and gdm is the standard gdm. exa's uid is 1000 That's when I try to login from gdm. When I try to login from console the error is more silent. PAM_unix[..]: (login) session opened for user exa by LOGIN(uid=0) what is going on here? :((( none of our users can login to X for the past 6 weeks!!! help please. Thanks, -- System Information Debian Release: woody Architecture: i386 Kernel: Linux borg 2.2.14 #1 Wed Mar 29 19:43:52 EEST 2000 i686 Versions of packages xserver-xfree86 depends on: ii debconf 0.5.34 Debian configuration management sy ii libc6 2.2-6 GNU C Library: Shared libraries an ii xserver-common4.0.1-11 files and utilities common to all ii zlib1g1:1.1.3-11 compression library - runtime
[authorization] fails silently for normal users, cannot start server
Package: xserver-xfree86 Version: 4.0.1-9 Severity: important When I try to start X server as a user, the X server complains that the authorization has failed and terminates. Likewise when trying to login from gdm (tried other display managers, too) I can't paste anything now but as far as I can summarize: from auth.log, a message like PAM_unix[...]: authentication failure; (uid=0) -> exa for gdm service exa is a normal user here, and gdm is the standard gdm. exa's uid is 1000 That's when I try to login from gdm. When I try to login from console the error is more silent. PAM_unix[..]: (login) session opened for user exa by LOGIN(uid=0) what is going on here? :((( none of our users can login to X for the past 6 weeks!!! help please. Thanks, -- System Information Debian Release: woody Architecture: i386 Kernel: Linux borg 2.2.14 #1 Wed Mar 29 19:43:52 EEST 2000 i686 Versions of packages xserver-xfree86 depends on: ii debconf 0.5.34 Debian configuration management sy ii libc6 2.2-6 GNU C Library: Shared libraries an ii xserver-common4.0.1-11 files and utilities common to all ii zlib1g1:1.1.3-11 compression library - runtime -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
