SUMMARY: Xsun not owned by root?

From: Grant Schoep (
Date: Mon Jan 11 1999 - 18:16:38 CST

Thanks to the following for their input and help:
Michael Neef
Igor Schein
Richard Smith
Casper Dik
Jeff Wimmer
It seems that the Xsun process is still owned by root. As the following
command shows(thanks Igor Schein)
# ps -e -o pid,uid,ruid,comm | nawk 'NR==1||/Xsun/'
15584 390 0 /usr/openwin/bin/Xsun

The real RUID shows root as the owner, while the UID shows a user. This
explains why they can't kill it, even though it looks like that user owns
the process. It still don't feel this is entirely normal, but I have figure
out when and why it doesn't always happen. If you sit down at the machine
and log in(after a reboot) the Xsun process is still owned by root the
whole time. When my Xwin32 users log into that Sun box, the first person
that does this gets their username attached to the Xsun process. This
doesn't go away when they logoff.

As Michael neef suggessted I check the following
"possibly the X server doesn't terminate after user logout. Search in
/etc/dt/config/Xconfig and /usr/dt/config/Xconfig for the following line:
Dtlogin*terminateServer: True"
It checked it and it was set to True.

Jeff Wimmer also stated the following:
Your permissions should be as such on Xsun:

-rwxr-sr-x 1 root root 903512 Jul 7 1997

Notice the sticky bit set on the group, so that whomever logs in, takes
ownership. I am logged in above as root, and therefore it shows root as
the owner.

So as of now, I don't think it is a problem. Nothing seems affected, so I
will let it sit so I can start working on other problems.

Here's my original Post:
Has anyone noticed that /usr/openwin/bin/Xsun does seem to be owned by root
on Solaris 2.6, even though it is? On all our SOlaris 2.6 machines, ps
reports that /usr/openwin/bin/Xsun is owned by a user. I think it is the
first user to log into that machine, if they log out, it still shows they
are the owner. If that user tries to kill the process, it says they are not
the user, even though ps reports they are. This is happening on multiple
rev levels of 2.6. And doesn't seem to be dependant on hardware since it
does it on SS 5,20s and Ultras. One odd thing, is that on machines that
have the same patches, sometimes Xsun is owned by root. I can't figure it
out what the difference would be.
This isn't that serious, since the user can't actually kill the process,
but it panicked me at first thinking that it would allow them to kill the
process. I'm still worried this allowing a way for the user to possible
kill this process, which wouldn't be a good thing for all the other users.
I can't seem to find anything about this on sunsolve. Has anyone seen this?
If it helps here is a couple differnt ps -efly lines that show this.
S pat 11235 522 0 40 20 7440 123160 615642a6 17:46:33 ? 0:01
/usr/openwin/bin/Xsun :0 -nobanner
heres another
S asherw 645 316 1 40 20 24640 125424 600b20ee Dec 18 ? 3:08
/usr/openwin/bin/Xsun :0 -nobanner
Any ideas would really be appreciated, I can't help but feeling this is
some type of security hole.

Grant Schoep,
System/Network Administrator
L3 Communications Telemetry & Instrumentation
San Jose,CA (408)271-0800, Ext. 135

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:13 CDT