From Newsgroup: alt.os.linux.ubuntu

Hi all,

some days ago I wrote here about su- / xauth solution:

I have suspected pam authentication already, and in the meantime I
compared Mageia and Raspbian more deeply regarding the entries in /etc/ pam.d.

I found out, that adding this line

session optional pam_xauth.so

to the front of /etc/pam.d/su

solves this issue. I've also tested this on Ubuntu successfully.

Fine.

I can 'su - newuser' to invoke every other GUI based application like
xclock or even firefox running under a different UID.

Except chromium browser. There I get the following:

[14 dimke@ubuntu-bc-esp1 ~]$ su - test1
Password:

[7 test1@ubuntu-bc-esp1 ~]$ chromium-browser
/user.slice/user-1000.slice/session-3.scope is not a snap cgroup

So, this is obviously caused by some kind of "snap" mechanism, which
chromium is build up on.

And, yes, I know that a compromised desktop will not prevent a 'su - newuser'-ed session within the same desktop from being monitored or
hacked.

But, I try to keep my different accounts apart from each other to avoid interference and other side effects like overwriting.

Should one try to get a non-snap-version, or
can this issue be solved somehow?

Thanks!

Best regards,

Markus
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: alt.os.linux.ubuntu

It seems that what I've described is a common problem coming along with
every "snap"-ed application. No real solution in sight, at least no
approach regarding the root cause.

But there is a workaround: Besides snapd-related "chromium browser" there
is also a non-snap version "chromium" (not to confuse with "chrome" which
is closed source, coming from google).

I removed the first one and installed the non-snap one.
Now, everything works as needed.

Markus






On Mon, 1 Jan 2024 18:50:07 -0000 (UTC) Markus Robert Kessler wrote:

Hi all,

some days ago I wrote here about su- / xauth solution:

I have suspected pam authentication already, and in the meantime I
compared Mageia and Raspbian more deeply regarding the entries in /etc/
pam.d.

I found out, that adding this line

session optional pam_xauth.so

to the front of /etc/pam.d/su

solves this issue. I've also tested this on Ubuntu successfully.

Fine.

I can 'su - newuser' to invoke every other GUI based application like
xclock or even firefox running under a different UID.

Except chromium browser. There I get the following:

[14 dimke@ubuntu-bc-esp1 ~]$ su - test1 Password:

[7 test1@ubuntu-bc-esp1 ~]$ chromium-browser
/user.slice/user-1000.slice/session-3.scope is not a snap cgroup

So, this is obviously caused by some kind of "snap" mechanism, which
chromium is build up on.

And, yes, I know that a compromised desktop will not prevent a 'su - newuser'-ed session within the same desktop from being monitored or
hacked.

But, I try to keep my different accounts apart from each other to avoid interference and other side effects like overwriting.

Should one try to get a non-snap-version, or can this issue be solved somehow?

Thanks!

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm
--- Synchronet 3.20a-Linux NewsLink 1.114

From Newsgroup: alt.os.linux.ubuntu

On 1/15/2024 11:19 AM, Markus Robert Kessler wrote:

It seems that what I've described is a common problem coming along with
every "snap"-ed application. No real solution in sight, at least no
approach regarding the root cause.

But there is a workaround: Besides snapd-related "chromium browser" there
is also a non-snap version "chromium" (not to confuse with "chrome" which
is closed source, coming from google).

I removed the first one and installed the non-snap one.
Now, everything works as needed.

Markus

Chromium is the base open-source browser. Chrome is Google's
proprietary version.

--- Synchronet 3.20a-Linux NewsLink 1.114