[Xrdp-devel] xrdp issues with running as non-root user

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Xrdp-devel] xrdp issues with running as non-root user

Roy Williams
Hello Everyone,

I have installed xrdp on RHEL 7.1 using Xorg drivers, it seems that I can login via "code=20" as root. I can confirm I cannot login as any other user local or using sssd with kerberos. I am in an environment where filesystem access is done via OpenAFS which requires appropriate tokens. I have seen file write access errors by xrdp but those do not seem to be the culprit as I've tested local logins and failed with the same error.


Fatal server error:
(EE) PAM authentication failed, cannot start X server.
    Perhaps you do not have console ownership?

The configuration is pretty much the default, barring I changed the Xorg line to provide more verbose output

[Xorg]
param1=-config
param2=/etc/X11/xrdp/xorg.conf
param3=-logfile
param4=/tmp/xorg-xrdp.log
param5=-noreset
param6=-ac
param7=-nolisten
param8=-verbose
param9=tcp

What's notable at the moment is that when logging in as root I do not receive the multiple closed to endpoint errors:
"[20150330-17:55:06] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 12"
followed by:
"[20150330-17:55:06] [ERROR] X server for display 11 startup timeout"

I did notice the "socket: 12" and "display 11" business but wasn't sure if that was the actual issue, everything seems to point to pam. I also commented out the "pam_console.so" in "/etc/pam.d/server" in an attempt to see if it was caused by the auth required line. It didn't change the behavior it just seems to fail if I am not logging in as root.

Roy

--
-----------------------------------------
  http://www.fang64.com
-----------------------------------------
               _/|         ____  
            =/_/      ,;`        `;,
          _/   |       :             :
  (      /    , |       :,          ,;  
   \ _ /^ \ /| |          `------ `    
       `'' ''   `''`
-----------------------------------------
"The brick walls are there for a reason. Right? The brick walls are not there to keep us out, the brick walls are there to give us a chance to show how badly we want something. Because the brick walls are there to stop the people who don't want it badly enough."
     -Randy Pausch, CMU (RIP July 25, 2008)

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
xrdp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
Loading...