Hello fellow lemmings
I am a long-time i3 user and have decided to switch to Sway. I have encountered a weird error which has left me utterly bamboozled.
I am using Ubuntu 24.04 which has gone from 20.04 -> 22.04 -> 24.04. It has Ubuntu-Gnome, i3 and Sway currently installed.
The issue
The error that I’m facing is when I’m using Sway, I simply don’t have sudo access.
This is what the error looks like
$ sudo visudo
[sudo] password for xavier666:
Sorry, user xavier666 is not allowed to execute '/usr/sbin/visudo' as root on <HOSTNAME>.
When I switch back to i3, my permissions are fine for the same user. I have not done any crazy modifications to the sudoer’s file as far as I can remember.
PS: I have added a command to no-sudo xavier666 ALL = NOPASSWD: /usr/bin/brightnessctl
The “fix”
I temporarily solved it by adding xavier666 ALL=(ALL:ALL) ALL to the sudoer’s file.
IMO, I think this should not be required. I don’t remember ever adding the default user to the file for all the installations that I have done. (But this is the first time I’ve installed Sway)
Logs/Outputs
Running sudo -l without the fix (on Sway)
Matching Defaults entries for xavier666 on <HOSTNAME>:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
use_pty
User xavier666 may run the following commands on <HOSTNAME>:
(root) NOPASSWD: /usr/bin/brightnessctl
When I run the same command on i3, i get this (ALL : ALL) ALL extra line in the output.
And when I run sudo -l with my fix on Sway, (ALL : ALL) ALL is present and the permission issue is fixed.
What is causing Sway to remove the root permission for the user?
Note: I’m just asking for the standard sudo behaviour. I’m not trying to run GUI applications as root.
You must log in or # to comment.
From my experience a user account usually needs to be in the “wheel” group to elevate privileges through sudo. So try that.
This likely has nothing to do with sway but with the way the sway session is started, as opposed to the i3 session.
We need more info on this.Isn’t i3 Xorg only, and sway wayland only? That would mean the whole graphical server has also changed.
but with the way the sway session is started, as opposed to the i3 session. We need more info on this.
I’m using gdm to start sway. I’m using the laptop’s built-in fingerprint scanner to unlock (Not sure if it matters). I saved the fingerprint in the Gnome session long back.
gdm probably looks inside
/usr/share/wayland-sessionsand findssway.desktopand uses it to launch Sway.I’ve tried to keep things as vanilla as possible.
Isn’t i3 Xorg only, and sway wayland only?
Correct.
Maybe wayland is launched using restrictive set of permissions.
gdm probably looks inside /usr/share/wayland-sessions and finds sway.desktop and uses it to launch Sway.
And how did you use to start i3?
One big difference is that sway doesn’t run as a login process (and neither does gdm), meaning none of your .profile files are getting sourced. Check how your environment variables differ between i3 and sway and see if that might be the issue.
You’re going to have to look at how that process works on Ubuntu and how it differes from Xorg session start.
gdm probably looks inside /usr/share/wayland-sessions and finds sway.desktop and uses it to launch Sway.
FWIW, these are all text files. Look at them.
Sorry, I have to go now. More tonight, if you want.
these are all text files
Yeah, it just calls the executable mentioned in the
.desktopfile (/usr/bin/sway). It should not be a GDM, issue, right?I also checked that I don’t have
seatdinstalled, which is a “minimal user, seat and session management daemon” mentioned in arch wiki (https://wiki.archlinux.org/title/Sway). Could it be related?Sorry, I have to go now. More tonight, if you want.
No hurry, the fix I am using is not causing issue. I just want to know why this is happening. This is a fun research problem.
PS: I checked Google and I didn’t find anyone who has faced the same issue.
Can you compare
groupsoutput under both sessions?Specifically, if you don’t show membership of sudo in your Sway session, try this
loginctl enable-linger lazarusInisde i3 WITHOUT FIX
$ groups xavier666 adm cdrom sudo dip plugdev lpadmin lxd sambashare $ groups xavier666 xavier666 : xavier666 adm cdrom sudo dip plugdev lpadmin lxd sambashareInside sway WITH/WITHOUT FIX
$ groups xavier666 root $ groups xavier666 xavier666 : xavier666 adm cdrom sudo dip plugdev lpadmin lxd sambasharePS: I corrected the username, it should be
xavier666. I corrected the main post.$ groups
xavier666 root
Sorry what? As what user are you executing all these ‘groups’ commands? Unless Ubuntu does things significantly differently from Arch and Debian, there’s something very fishy going on here. The “normal” user should not be in the root group, and root should not be in the normal user’s group.
Have you done other things beside the “fix” you mentioned?
That “fix” from your op, btw, looks totally valid to me.
Try enable-linger. As I understand it, the issue is related to the way Sway handles Wayland sockets, and enable-linger kicks things off before Sway is involved.
I’m unsure how to use the command. I added it to the main Sway config file, which means it’s executed whenever Sway starts (Post login).
However, it didn’t make any difference. I also ran it manually
$ loginctl enable-linger xavier666 $ sudo visudo [sudo] password for xavier666: Sorry, user xavier666 is not allowed to execute '/usr/sbin/visudo' as root on <HOSTNAME>.You run it and then reboot. If that doesn’t fix it, then it didn’t fix it :\
