Message-ID:

Pohl's law: Nothing is so good that somebody, somewhere, will not hate it.

computers / alt.os.linux.ubuntu / X11-app after su - ... Next issue, caused by snap

X11-app after su - ... Next issue, caused by snap

<umv1gv$29bcv$1@dont-email.me>

https://www.rocksolidbbs.com/computers/article-flat.php?id=3794&group=alt.os.linux.ubuntu#3794

copy link Newsgroups: alt.os.linux.ubuntu

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: no_reply@dipl-ing-kessler.de (Markus Robert Kessler)
Newsgroups: alt.os.linux.ubuntu
Subject: X11-app after su - ... Next issue, caused by snap
Date: Mon, 1 Jan 2024 18:50:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 47
Message-ID: <umv1gv$29bcv$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 1 Jan 2024 18:50:07 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="8af539a8479aef49ae4081f1f63636c5";
logging-data="2403743"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX184/wa51sbVA4IIRSbPp9R3"
User-Agent: Pan/0.154 (Izium; 517acf4)
Cancel-Lock: sha1:f/ihg4VgXZyrpacWcC3X694lKDI=

by: Markus Robert Kessle - Mon, 1 Jan 2024 18:50 UTC

Hi all,

some days ago I wrote here about su- / xauth solution:

> I have suspected pam authentication already, and in the meantime I
> compared Mageia and Raspbian more deeply regarding the entries in /etc/
> pam.d.
>
> I found out, that adding this line
>
> session optional pam_xauth.so
>
> to the front of /etc/pam.d/su
>
> solves this issue. I've also tested this on Ubuntu successfully.

Fine.

I can 'su - newuser' to invoke every other GUI based application like
xclock or even firefox running under a different UID.

Except chromium browser. There I get the following:

[14 dimke@ubuntu-bc-esp1 ~]$ su - test1
Password:

[7 test1@ubuntu-bc-esp1 ~]$ chromium-browser
/user.slice/user-1000.slice/session-3.scope is not a snap cgroup

So, this is obviously caused by some kind of "snap" mechanism, which
chromium is build up on.

And, yes, I know that a compromised desktop will not prevent a 'su -
newuser'-ed session within the same desktop from being monitored or
hacked.

But, I try to keep my different accounts apart from each other to avoid
interference and other side effects like overwriting.

Should one try to get a non-snap-version, or
can this issue be solved somehow?

Thanks!

Best regards,

Markus

SOLVED, Re: X11-app after su - ... Next issue, caused by snap

<uo40g8$11rsp$1@dont-email.me>

copy mid

https://www.rocksolidbbs.com/computers/article-flat.php?id=3802&group=alt.os.linux.ubuntu#3802

copy link Newsgroups: alt.os.linux.ubuntu

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: no_reply@dipl-ing-kessler.de (Markus Robert Kessler)
Newsgroups: alt.os.linux.ubuntu
Subject: SOLVED, Re: X11-app after su - ... Next issue, caused by snap
Date: Mon, 15 Jan 2024 19:19:36 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 72
Message-ID: <uo40g8$11rsp$1@dont-email.me>
References: <umv1gv$29bcv$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 15 Jan 2024 19:19:36 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="434a2db502d07633807ccf7f9d34ebdc";
logging-data="1109913"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+CwGdK1BDVG124McXqjw2z"
User-Agent: Pan/0.149 (Bellevue; 4c157ba git@gitlab.gnome.org:GNOME/pan.git)
Cancel-Lock: sha1:bLZttu8hjoGz/9PFBizYgNvH7Dw=

by: Markus Robert Kessle - Mon, 15 Jan 2024 19:19 UTC

It seems that what I've described is a common problem coming along with
every "snap"-ed application. No real solution in sight, at least no
approach regarding the root cause.

But there is a workaround: Besides snapd-related "chromium browser" there
is also a non-snap version "chromium" (not to confuse with "chrome" which
is closed source, coming from google).

I removed the first one and installed the non-snap one.
Now, everything works as needed.

Markus

On Mon, 1 Jan 2024 18:50:07 -0000 (UTC) Markus Robert Kessler wrote:

> Hi all,
>
> some days ago I wrote here about su- / xauth solution:
>
>> I have suspected pam authentication already, and in the meantime I
>> compared Mageia and Raspbian more deeply regarding the entries in /etc/
>> pam.d.
>>
>> I found out, that adding this line
>>
>> session optional pam_xauth.so
>>
>> to the front of /etc/pam.d/su
>>
>> solves this issue. I've also tested this on Ubuntu successfully.
>
> Fine.
>
> I can 'su - newuser' to invoke every other GUI based application like
> xclock or even firefox running under a different UID.
>
> Except chromium browser. There I get the following:
>
> [14 dimke@ubuntu-bc-esp1 ~]$ su - test1 Password:
>
> [7 test1@ubuntu-bc-esp1 ~]$ chromium-browser
> /user.slice/user-1000.slice/session-3.scope is not a snap cgroup
>
> So, this is obviously caused by some kind of "snap" mechanism, which
> chromium is build up on.
>
> And, yes, I know that a compromised desktop will not prevent a 'su -
> newuser'-ed session within the same desktop from being monitored or
> hacked.
>
> But, I try to keep my different accounts apart from each other to avoid
> interference and other side effects like overwriting.
>
> Should one try to get a non-snap-version, or can this issue be solved
> somehow?
>
> Thanks!
>
> Best regards,
>
> Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm

Re: SOLVED, Re: X11-app after su - ... Next issue, caused by snap

<uo4quo$1539e$1@redfloyd.dont-email.me>

copy mid

https://www.rocksolidbbs.com/computers/article-flat.php?id=3803&group=alt.os.linux.ubuntu#3803

copy link Newsgroups: alt.os.linux.ubuntu

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!redfloyd.dont-email.me!.POSTED!not-for-mail
From: no.spam.here@its.invalid (red floyd)
Newsgroups: alt.os.linux.ubuntu
Subject: Re: SOLVED, Re: X11-app after su - ... Next issue, caused by snap
Date: Mon, 15 Jan 2024 18:51:03 -0800
Organization: A noiseless patient Spider
Lines: 19
Message-ID: <uo4quo$1539e$1@redfloyd.dont-email.me>
References: <umv1gv$29bcv$1@dont-email.me> <uo40g8$11rsp$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 16 Jan 2024 02:51:04 -0000 (UTC)
Injection-Info: redfloyd.dont-email.me; posting-host="df48ffc41351d3dbf48180bbb33bec7a";
logging-data="1215790"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+H4n5bf6SEjvzswwHdzT4ROLFiXeQJARc="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:yBX82oqkrCBC/tjyY+OlcKwyTJE=
Content-Language: en-US
In-Reply-To: <uo40g8$11rsp$1@dont-email.me>

by: red floyd - Tue, 16 Jan 2024 02:51 UTC

On 1/15/2024 11:19 AM, Markus Robert Kessler wrote:
> It seems that what I've described is a common problem coming along with
> every "snap"-ed application. No real solution in sight, at least no
> approach regarding the root cause.
>
> But there is a workaround: Besides snapd-related "chromium browser" there
> is also a non-snap version "chromium" (not to confuse with "chrome" which
> is closed source, coming from google).
>
> I removed the first one and installed the non-snap one.
> Now, everything works as needed.
>
> Markus
>
>

Chromium is the base open-source browser. Chrome is Google's
proprietary version.

Subject	Author
X11-app after su - ... Next issue, caused by snap	Markus Robert Kessler
SOLVED, Re: X11-app after su - ... Next issue, caused by snap	Markus Robert Kessler
Re: SOLVED, Re: X11-app after su - ... Next issue, caused by snap	red floyd