Introduction
xsu Is an interface for the command `su - username -c command` in Gnome. When
the user executes xsu, he will be prompted for a command, a username and a
password. If the username and password are correct xsu will execute the command
as the entered user. So if the username was root, then the command will be
executed as root.
Of course it's also possible to predefine the username and the command by
using the [-u,--username] and [-c,--command] arguments at the command line
of xsu. This can be very useful when using xsu in for example gmenu or the
panel.
Security
Gnome Xsu > 0.2.x uses the standard su binary to gain it's root access. This
way, all security issues should be solved.
Note that during installation you have to make sure that there are no other
su binaries in your PATH. This generally means that your system is already
compromised anyway, but by adding this to the security notes of Gnome Xsu,
you now know that Gnome Xsu is nolonger responsible for security attacks like
this on your system.
It might or might not be possible that one can spoof the data that goes trough
the faked zvt terminal. I am working on a more solid solution for this,
Gnome Xsu will then start it's own filedescriptor with a terminal on.
For now this is a security issue and you will have to life with that. Note
that this issue makes Gnome Xsu as unsave as starting the command su in your
xterm or gnome-terminal. I do not know if that is very insecure or secure.
Please refer to the documentation of the zvt widget for more information
about this security issue.
Known issues
Gnome Xsu uses the Unix 'su' execute the command. This means that your
DISPLAY environment variable of the user must be set correctly. You can
put for example export DISPLAY=:0 in the file /etc/profile (bash).
You can also use the option --set-display which will set the DISPLAY environment
variable to ":0" before starting the command.
Installation
! You need the Gnome-2.0 (And GTK+-2.0) and libzvt-2.0 development packages (Gnome libs)
Example (RedHat Linux)
./configure
make
make install
Special options for ./configure
usage: configure [--option=value]
Help:
--help print this message
Directory and file names:
--man-base=PATH Set path to man pages [/usr/share/man]
--doc-path=PATH Set path for documentation [/usr/share/doc]
--compiler=PATH Set compiler [cc]
--gnome-config-prefix=PATH Where to find gnome-config []
--prefix=PATH Installation base
--su-pwd-out=STRVALUE Set what su outputs while waiting for password.
Gnome Xsu will wait for this string to send the
password through the faked terminal. So this string
MUST be correct ! (test with "su - root -c test")
[Password: ]
--max-su-delay=INTVALUE Delay before su fails [30000]
--debug Enables debugging mode (only for developpers)
Uninstallation (dont remove the Makefile nor do make distclean)
make uninstall
Doing a distclean
make distclean
For distrubutions which do not use a standard Unix su command
Argh, get yourself GNU sh-utils. Oh well, in case you don't want to install
another su-package, you can try the configuration option --su-pwd-out.
Basicly it comes to this : Gnome Xsu will wait until the faked zvt terminal
where su has been executed returns "Password: " before it sends the password
which you typed at the password textbox to the terminal. Using this
configuration option, you can change that string. However, I still recommend
installing GNU sh-utils. Gnome Xsu has only been tested with the GNU sh-utils
package.
Little manual
- Commandline parameters for xsu
* [-u|--username] "username" Sets the username.
* [-c|--command] "command line" Sets the command.
* [-m|--message] "Message^line" Sets the message.
* [-t|--title] "Window title" Sets the window title.
* [-i|--icon] "pixmap file" Loads another icon.
* [-e|--hide] Hides the username.
* [-a|--set-display] "hostname:port" Sets the DISPLAY
environment variable
to :0 before starting
the command if no 2e
argument is given. Else
use the Xserver at
hostname:p
* [-d|--unadaptable] Disables the username
and command textboxes
if possible.
* [-h|--help] Displays help.
ps. When using -m or --message you can use the character ^
in your message if you want to use a new line, and the character
~ if you want to use a tabulation. If no message is set, then
the default message will be used :
The action you requested requires root
priveleges.
Please enter the correct password for it
below and press [Return] or click OK.
Example :
xsu --message "The action you requested requires root^priveleges.^Please enter the correct password for it^below and press [Return] or click OK."
- Using xsu in gmenu (Menu Editor)
At the "Command:" textbox just use for example
xsu -c "The command line" -u "root" -m "Enter the root password^please."
* Examples :
Command: xsu -c "gmenu" -u "root" -m "To start the Menu Editor^you have to enter^the root password^here."
Command: xsu --title "" -c DrakConf -u root -d -e -m "In order to run \"DrakConf\" as root.^Additional information is required."
Command: xsu --title "" -c xterm -u root -d -e -m "In order to run \"xterm\" as root.^Additional information is required." -i "/usr/share/pixmaps/gnome-hint.png"
Using xsu in gmenu
xsu - this example
xsu --command "gmenu" --username "root" --message "For the Menu Editor you need root access.^Enter the root password Below."
Another example
xsu --title "" -c DrakConf -u root -d -e -m "In order to run \"DrakConf\" as root.^Additional information is required."
Last example
xsu --title "" -c xterm -u root -d -e -m "In order to run \"xterm\" as root.^Additional information is required." -i "/usr/share/pixmaps/gnome-hint.png"
Others - final words
- Tested and compiled on
- Development system
- RedHat 6.0, Gnome-libs 1.0.8
- RedHat 6.1, Gnome-libs 1.0.40
- RedHat 6.2, Gnome-libs 1.?.?
- RedHat 7.0, Gnome-libs 1.2.4
- Debian
- potato, woody
- Ximian Gnome update
- Gnome-libs 1.2.11
- FreeBSD 4.1.1, Gnome-libs 1.2.4
- Latest version and reference