[sudo-users] sudo comes back with error "The installer is unable to run in graphical mode"

web O Donell webolinux at gmail.com
Mon Aug 13 13:20:32 EDT 2007 

*sudo cmd comes back with error "The installer is unable to run in graphical
mode"*
------------------------------
Using suse SLES 2.6.16.21-0.8 (64bit)

Administering sudo to execute a proprietory installer written in
Java<http://www.linuxforums.org/forum/#>Swing for our app.

Is this a sudo error or ssh error?
I am able to bring up the installer when logged in as "root "
Also I can bring up the installer when logged in as user without using sudo
Only when the user does a sudo cmd to invoke the installer it fails !!

I copied over the user cookie to root's.Xauthority by

*ssh -X user at hostname
# Gain root privileges,
su -
# and merge the Xauth information like this:
xauth merge /home/user/.Xauthority*


"xauth list" when logged in as root has 2 entries;
hostname/unix:10   MIT-MAGIC-COOKIE-1  <xxxxcookiexxxx>
 hostname/unix:11   MIT-MAGIC-COOKIE-1  <xxxxcookiexxxx>
xauth list for a user has similar cookies listed  in it

when the user su 's to root and does an "xauth list" it lists only one
cookie and not 2 entries, the hex code is the same as that in root & user's
xauth except that it has only one entry and it still matches one of the
entries in both roots and users's cookies
 hostname/unix:10   MIT-MAGIC-COOKIE-1  <xxxxcookiexxxx>

Can someone please throw some light on what is the root cause for this
behaviour??? Thanks in Advance
----------------------------------------------------------------------
The settings in /etc/ssh/sshd_config has the foll 2 enabled the rest being
defaults
X11Forwarding yes
X11UseLocalhost yes

Using a Linux client (or with Win client with cygwin XServer running) to
connect to the server <http://www.linuxforums.org/forum/#> via ssh with X11
forwarding enabled to bring up graphical display of the installer . All the
users are part of a group SUPPORT.

The entries in /etc/sudoers are as follows;

# Used User Alias for all the users instead of using group
#User_Alias REMOTE= Bob, Nick, Mary

# enable access to both src dir and target dir , note the esc "\" before the
":"
Cmnd_Alias DOIT=/tmp/dload/installer.bin -is\:javahome
/usr/java/j2sdk1.4.2_13, /tmp/dload/*, /usr/app[AB]*
Cmnd_Alias SU= /bin/su -, /bin/su "", /bin/su root # disable su to root
Cmnd_Alias SCP=/usr/bin/scp *root* # Disable scp as root

Defaults always_set_home
Defaults env_reset

%SUPPORT ALL=(root) DOIT, !SU, !SCP
#%wheel ALL=(root) DOIT, !SU, !SCP
#REMOTE ALL=(root) DOIT, !SU, !SCP
----------------------------------------------------------------------
I tried using the wheel group and also tried assigning aliases to the users
rather than using the group. Is my sudo Cmnd_Alias DOIT correct since the
argument has space and ":" in it. I escaped the colon with a backslash, for
arguments with whitespace in it do I have to escape it??
I have allowed access to both the source dir /tmp/dload/*, and the destn dir
/usr/app[AB]*


When the user tries to sudo the cmds they get the foll error;
suse1#> sudo -u root -b /tmp/dload/installer.bin -is:javahome
/usr/java/j2sdk1.4.2_13
"
InstallShield Wizard
Initializing InstallShield Wizard...

Searching for Java™ Virtual Machine...
........The installer is unable to run in graphical mode. Try running the
installer with the -console or -silent flag.
"
----------------------------------------------------------------------
When run with strace I get the foll error;( copied only the last few lines)
suse1#> strace sudo -u root -b /tmp/dload/installer.bin -is:javahome
/usr/java/j2sdk1.4.2_13

geteuid() = 5001
write(2, "sudo: ", 6sudo: ) = 6
write(2, "must be setuid root", 19must be setuid root) = 19
write(2, "\n", 1
) = 1
exit_group(1) = ?
Process 13640 detached
----------------------------------------------------------------------

The default settings for sudo on my server:
suse1:/usr/java # sudo -V
Sudo version 1.6.8p12

Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: auth
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Set $HOME to the target user when starting a shell with -s
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5 minutes
Password prompt timeout: 5 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/run/sudo
Default password prompt: %p's password:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File containing dummy exec functions: /usr/lib/sudo/sudo_noexec.so
Environment variables to check for sanity:
LANGUAGE
LANG
LC_*
Environment variables to remove:
PERL5OPT
PERL5LIB
PERLLIB
JAVA_TOOL_OPTIONS
SHELLOPTS
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD*
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS

More information about the sudo-users mailing list