Thursday, September 28, 2023
 Popular · Latest · Hot · Upcoming
rated 0 times [  5] [ 0]  / answers: 1 / hits: 5771  / 1 Year ago, tue, august 16, 2022, 1:49:23

The core issue is: ANY gnome session not sitting ontop of a real physical/native display --or shadowing that display (ie. NXserver's shadow mode)-- has faulty privileges. Even when run as root!

Any comments on a way to fix the problematic behavior for the VNC/non-shadow NX sessions?

I'm upgrading my home Ubuntu headless server after a long while, and I'm having lots of problems that I do not remember existing in previous Ubuntu versions.

Some details:

  • I started with ubuntu-11.04-server-amd64.iso and then installed ubuntu-desktop on-top of it.

  • uname -a: Linux MiddleEarth 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

  • The hardware is Intel D920, 2GB Ram, gfx is some fan-less nvidia 6600, 3xGigabit, 1x100mbit, no monitor,keyboard,mouse attached.

Round 1

While I was doing the testing/setting up with a monitor attached, everything was peachy, both when sitting infront of that monitor and when VNCing in from my desktop machine (into vino).

Without a monitor though problems arise:


The very first problem was vino being stubborn and not liking to load before/during GDM. But since this is a headless system, I dont really need it to start with X by default (ie change the init level) anyways, so that's a bit moot. However, I distinctly remember this being very easy to do in an older ubuntu version ( v9.04 I think ). And it worked fine; but not any more!? ... anyways I dropped that idea altogether.


Then it was Unity/effects messing VNC (Solved it by cheating).


I originally switched to NXserver hoping that maybe the following problems are tightvnc or vino issues, but no such luck. (Note: read round2)

When remoting in via VNC (or NXserver) my user account loses the ability to mount/unmount HDDs.

Screenshot: Unable to mount 750GB_RAID1

When remoting in via VNC (or NXserver) my user account cannot access some priviledged configuration options,

some examples:

  • cannot do anything (ie. 'add' a user or 'advanced settings') in "System -> Administration -> Users and Groups".

  • cannot use 'unlock' in "System -> Administration -> Login Screen".

  • gparted fails to get any information about the filesystems.

  • etc. (various other admin/config dialogues don't properly work either)

I can only guess this has something to do with user privileges not being assigned properly when an actual physical monitor device is not connected.

The reason 'WHY' this happens in ubuntu 11.04, when it is headless, escapes me; I do not remember this behaviour in previous versions of ubuntu.

Do note that the HDD mounting problem is a non-issue for internal/static hdds (I just add them to fstab since they're static anyways). But really a big pain for removable usb media.

The rest of the problems, I have not figured out how to fix...

I know what you're thinking... log in to ssh, sudo su, and run vncserver under root entirely?

Screenshot: (as root) gparted fails to find fs info

Surprise Surprise! root's gui is broken too: gparted fails to get info, user&groups is entirely grayed out (this is a different behaviour than my regular user). Weirdly enough the Login screen administration proggy seems to work fine.

Round 2

( NOTE: I do not know if this did or did not make a difference to the outcome. At some point between round 1 and round 2, I applied the changes mentioned in posts #21 and #24 in this thread )

The regular tightvnc/NXServer sessions have the same behaviour, BUT...

[Partial Solution/The actual problem is still there]

In the NXClient connection settings, when I choose the 'shadow' mode (shadow attaches you to the native display, ie. desktop shadowing)...

Everything works perfect inside this session!

One thing I noticed is that it immediately asks me for a keyring password... maybe the whole mess has something to do with the keyring system gnome uses?

But, if I connect with a regular (not shadow) NX connection, or a regular vnc it goes back to having the same problems.

P.S. There were a couple of days inbettween when I wrote round1 and round2 (I was keeping it in a txt file locally). I was testing out various sugestions to see what would work, which is why I don't know for sure if that xorg.conf VNC device edit or that nomodeset setting made a difference.

[EDIT 2011-06-10]

NXServer and GDM

At the time of writing I had set the system up to auto-login, which was why the shadow connection just simply worked. When I later disabled that and rebooted the system, NX gave an error, but with a little bit of Googling I found this thread

These are the uncommenting & changes I did on my /usr/NX/etc/server.cfg:

EnableAdministratorLogin = "1"
EnableSessionShadowing = "1"
EnableInteractiveSessionShadowing = "1"
EnableSessionShadowingAuthorization = "0"
EnableDesktopSharing = "1"
EnableInteractiveDesktopSharing = "1"
EnableFullDesktopSharing = "1"
EnableAdministratorDesktopSharing = "1"
EnableDesktopSharingAuthorization = "0"
EnableSystemDesktopSharingAuthorization = "0"

(If it was a more public network, ie university/large office I'd probably use a little stricter settings, but these suit me fine.)

After a reboot I logged in with nxclient to the desktop 'shadow' (native display) setting and got GDM! :D

Unfortunately clipboard doesn't work in the 'shadow' session (It works on the other/regular ones fine)

[EDIT 2011-06-11]

Stumbled upon Xvfb but it has the same issues when used like this:

Xvfb :2 -ac -screen 0 1280x1024x32 -pixdepths 8 24  2>&1 >/dev/null &
export DISPLAY=:2
gnome-session --session=2d-gnome 2>&1 >/dev/null &
x11vnc --display :2 --passwd blahblah

More From » 11.04


I located the culprit.

Tested on a fresh install, confirmed it's a bug.

I submitted a bug report

In short the issue is: The polkit authentication dialogue will show up on DISPLAY :0 instead of DISPLAY :1 where the VNC/NX session is.

A workaround may be to use libpam-keyring to auto authenticate upon login.

or... scratch that, that probably would not do it, a change for all policy kit settings from 'auth_admin' to just 'yes' would probably fix the issue, and that of course would make policyKit moot altogether... sigh

[#44713] Tuesday, August 16, 2022, 1 Year  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.

Total Points: 336
Total Questions: 105
Total Answers: 113

Location: Vietnam
Member since Sun, Oct 18, 2020
3 Years ago
oargrou questions
Thu, May 13, 21, 16:38, 2 Years ago
Wed, Jul 21, 21, 01:38, 2 Years ago
Sat, May 15, 21, 17:39, 2 Years ago
Tue, May 24, 22, 14:58, 1 Year ago
Sat, Mar 19, 22, 05:22, 2 Years ago