- Join Date
- Dec 2009
permissions error when user runs TightVnc via sudo
The system we're using creates a user with minimal permissions when installed, and configures startup scripts so that the user runs our application (with root privileges) when booting up. Our application then starts a VNC server. The server is started by the user, and uses the home/user/.vnc directory for xstartup and log files, but it runs with root privileges since its parent application had root privileges. This worked exactly as I would expect with RealVnc.
With TightVnc I get the complaint "wrong type or access mode for /home/user/.vnc". After some experimentation I discovered that TightVnc will run correctly if I change the /home/user/.vnc folder so it is owned by root and set permissions to 700. This appears to be because our application was started by using sudo and thus runs as root. This would probably work for what we are doing, but it seems like a bad hack. There shouldn’t be a folder in a user's home directory that he doesn’t have permission to access. I'm trying to determine whether there is a method to continue using the user's home directory without changing the permissions.
In a related issue, I'm having some difficulty with the .passwd file. I don't want the user to be able to modify this file. Unfortunately, if I don't have a .passwd file owned by the user with 600 permissions, vnc will prompt to create a password file when it is first started. Once the user enters a password, TightVnc attempts to overwrite the passwd file I already created (my file having read-only permissions) with a new password file with read/write permissions.
I don't know why TightVnc is so particular about the specific permission levels. I'm hoping that there is some configuration setting which will tell Tight to be less restrictive about this, although I’ve looked through all its options and none look applicable. Can anyone suggest the correct method of configuring this?
- Join Date
- Dec 2009
Just an update. I have found one way that seems to get around this. In my application I can use the command
su user -c "vncviewer ...."
I know that there is a way to ensure root's Xauthority file/magic number carries over to the user. I know - I think I've even done it before - but I don't remember how. It seems like I'm always fighting with X11 and magic numbers. One would think I would take the time to figure out how X works instead of stumbling around blindly when I run into it, but that would imply that I was smart enough to learn from my previous failures.
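
Added example (not part of either post above and not TightVNC's own code): a preflight check that reports which ownership or mode condition fails before the server is launched, so a sudo/root launch against a user-owned directory is caught up front. It assumes, from the behaviour described in the thread, that the .vnc directory must be owned by the uid the server runs as with mode 700 and the password file by the same uid with mode 600; the function names, return codes and the default file name passwd are choices made for this example, and stat -c requires GNU coreutils.

```shell
#!/bin/sh
# Added example: ownership/mode preflight for a VNC state directory.
# Assumption (inferred from the thread, not taken from TightVNC's source):
# the directory must belong to the uid the server runs as, mode 700, and the
# password file inside it must belong to the same uid, mode 600.

# check_owner_mode TARGET WANT_UID WANT_MODE
# returns 0 ok, 1 missing, 2 wrong owner, 3 wrong mode
check_owner_mode() {
    target=$1; want_uid=$2; want_mode=$3
    if [ ! -e "$target" ]; then
        echo "$target: missing"
        return 1
    fi
    owner=$(stat -c %u "$target")   # numeric owner uid (GNU stat)
    mode=$(stat -c %a "$target")    # octal permission bits, e.g. 700
    if [ "$owner" != "$want_uid" ]; then
        echo "$target: owned by uid $owner, but server would run as uid $want_uid"
        return 2
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "$target: mode $mode, expected $want_mode"
        return 3
    fi
    echo "$target: ok"
}

# vnc_preflight DIR RUN_UID [PASSWORD_FILE_NAME]
# Checks the directory first, then the password file if one exists.
vnc_preflight() {
    dir=$1; run_uid=$2; pwfile=${3:-passwd}
    check_owner_mode "$dir" "$run_uid" 700 || return $?
    if [ -e "$dir/$pwfile" ]; then
        check_owner_mode "$dir/$pwfile" "$run_uid" 600 || return $?
    fi
    return 0
}

# When called with a directory argument, check it against the current uid.
# Under sudo this uid is 0, so a user-owned directory reports "wrong owner";
# run through `su user -c ...` the uid matches the directory owner again.
if [ $# -ge 1 ]; then
    vnc_preflight "$1" "$(id -u)"
fi
```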