On Sat, 2005-06-25 at 23:15 -0500, Jonathan Berry wrote: > Hi all, > > I've noticed that with FC4 if I use "sudo su -" to get a root shell > and try to open an X application (like a GUI text editor, for > instance) I get the error: > Xlib: connection to ":0.0" refused by server > Xlib: No protocol specified I saw this mentioned elsewhere in context of pam_console and it seems to be a bug - but really, it is a BAD idea to allow sudo to do anything that can result in a root shell. Really bad idea. I know that is the default on OS X - but OS X has a lot of bad defaults (which why everyone except me has to fix permissions so often - I never log into OS X as an admin and thus permissions never get screwed up) sudo is to allow certain users to be able to run certain tasks that they otherwise would not have sufficient privilege to run. It should ONLY be used for users who should not have the root password, but for which other authentication mechanisms (such as pam and/or suid) are not proper ways to give them access to something they need to do (IE a shell script that needs permission to mount an iso image over loopback, or a junior admin who needs permission to restart apache) The problem with sudo is that if sudo is configured to allow a user to spawn a shell, then the root account is no more secure than that users password. If you want to run a single command as root and you have root access, you can do so via su --command="command to run" If you need a root shell, use su - (or just plane su if you don't need to get roots environment) It is a bad idea to use sudo to become root. Even on OS X - which seems to be what made the notion of doing that popular.
