su question

Tue Sep 30 09:02:01 UTC 2008

On Mon, Sep 29, 2008 at 05:04:34PM -0500, Linda wrote:
> Johnny Rosenberg wrote:
> > 2008/9/29 Linda <haniganwork at earthlink.net 
> > <mailto:haniganwork at earthlink.net>>
> >
> >     I have several timeshare employees that I would like to have share the
> >     same email account but not the same login. I thought I had a solution
> >     figured out by moving the thunderbird-profile to a directory they
> >     could
> >     all access. However thunderbird ignores umask and on closing sets the
> >     inbox as user rw no group permissions.
> >     I thought I would solve my problem with thunderbird resetting the
> >     inbox
> >     permissions different than umask by having my different users
> >     access the
> >     same thuderbird profile using su. I could just create a user for the
> >     thunderbird account set it up the way I wanted unfortunately it
> >     does not
> >     work.
> >     If I type su username -c thunderbird
> >
> > Well, as far as I know, su doesn't work in Ubuntu. There is no root 
> > password anyway, so whatever password you enter, it's wrong… Or maybe 
> > it just doesn't work for me…
> > Have you tried "sudo su" instead of just "su"? Then you just enter 
> > your own password when asked.
> >
> >
> Actually I have su installed so I can change to be a different user, the 
> advantage here is you have to know the users password to do it. I do not 
> want to give them adminstrative permissions

The suggested mail alias seems a simple way to reach all the group
members, but how does timeshare employee D know whether to action all
or any of the inbox contents, if A,B,C have been active (on replicate
inboxes)? Collaboration seems minimal.

If that thunderbird thing is still in the game plan, then have you tried
putting the files in question into a common directory, with the sgid bit
set? (chmod g+s,+t,u+rwx,g+rwx some_dir # might be best) That should
generally override a user's application's umask vagaries, i.e. "When
SGID is set on a directory, newly created files will inherit the gid of
the directory, not that of the user creating the file." (Setting the
sticky bit (+t) will improve protection of individual users' exclusively
owned files in a shared directory.

The other problem (from the OP):

> (thunderbird-bin:9606): Gtk-WARNING **: cannot open display: :0.0

will be confirmed if you get this:

$ xhost
access control enabled, only authorized clients can connect

If so, try:

$ xhost +
access control disabled, clients can connect from any host

Then the "cannot open display: :0.0" should go away.
There is a security penalty to doing this permanently. Others on your
network (hopefully behind one or two firewalls) will now be able to
throw things onto that X session.

But none of that is necessary if the sgid directory allows the
individual users to collaborate without any need to su. I've used that
method for some decades, managing varied group access to different parts
of project directory hierarchies.

Hope that works for you too.

Erik