我有一个 vnc 会话,我可以通过su - user为其他用户执行 来访问 X11,而不需要 sux。
另外,当我尝试使用sudo sux - user或切换到用户时sudo su - user,我无法访问 X11 并收到以下错误:
由于身份验证错误,X11 连接被拒绝。
但其他人正在努力:sux和su。
当然,我仍然对 sux 显示的消息感到困惑:
Value of TERM has been set to "xauth -q remove localhost:100.0 2>/dev/null; xauth -q remove localhost/unix:100.0;"
为什么要删除旧密钥?有什么必要性?
su 和 sux 的工作原理几乎相同,两者都在删除旧密钥并且都有效。如何以及为何?
sudo su以及/sudo sux不工作的原因是什么?
答案1
答案(sux)在脚本的注释中给出。它将 X 显示 cookie 从您的原始用户权限转移到 root 用户权限,以允许它使用这些转移的权限打开 X 显示。
这是值得一读的部分:
# We highjack the TERM environment variable to transfer the cookies to the
# other user. We do this so that they never appear on any command line, and
# because TERM appears to be the only environment variable that is not
# reset by su. Then, as long as 'echo' is a shell builtin, these cookies
# will never appear as command line arguments which means noone will be
# able to intercept them (assuming they were safe in the first place).
sux_term="TERM='$TERM'"
# now we can store the script that will restore the cookies on the other
# side of the su, in TERM!
# Remove the old cookies. They may cause trouble if we transfer only one
# cookie, e.g. an MIT cookie, and there's still a stale XDM cookie hanging
# around.
export TERM="xauth -q remove $DISPLAY 2>/dev/null;"
if [ -n "$sux_unix_display" ]
then
TERM="$TERM xauth -q remove $sux_unix_display;"
fi