intgr / ego Goto Github PK

View Code? Open in Web Editor NEW

124.0 7.0 2.0 204 KB

Alter Ego: run Linux desktop applications under a different local user

License: MIT License

Rust 89.93% Shell 10.07%

linux linux-desktop-applications xhost isolation sandboxing wayland pulseaudio

ego's Introduction

ego (a.k.a Alter Ego)

Do all your games need access to your documents, browser history, SSH private keys?

... No? Just run ego steam!

Ego is a tool to run Linux desktop applications under a different local user. Currently integrates with Wayland, Xorg, PulseAudio and xdg-desktop-portal. You may think of it as xhost for Wayland and PulseAudio. This is done using filesystem ACLs and X11 host access control.

Disclaimer: DO NOT RUN UNTRUSTED PROGRAMS VIA EGO. However, using ego is more secure than running applications directly under your primary user.

Distro packages

Distribution packages are available for:

Arch Linux (user-contributed package) https://aur.archlinux.org/packages/ego/

After installing the package, add yourself to the ego-users group. After logout and login, the ego command should just work.

(varia/README.md documents recommendations for distro packagers)

Manual setup

Ego aims to come with sane defaults and be easy to set up.

Requirements:

Rust & cargo
libacl.so library (Debian/Ubuntu: libacl1-dev; Fedora: libacl-devel; Arch: acl)
libxcb.so library (Debian/Ubuntu: libxcb1-dev; Fedora: libxcb-devel; Arch: libxcb)

Recommended: (Not needed when using --sudo mode, but some desktop functionality may not work).

machinectl command (Debian/Ubuntu/Fedora: systemd-container; Arch: systemd)
xdg-desktop-portal-gtk (Debian/Ubuntu/Fedora/Arch: xdg-desktop-portal-gtk)

Installation:

Run:

cargo install ego
sudo cp ~/.cargo/bin/ego /usr/local/bin/

Create local user named "ego": ^[1]

sudo useradd ego --uid 155 --create-home

That's all, try it:
```
ego xdg-open .
```

[1] No extra groups are needed by the ego user. UID below 1000 hides this user on the login screen.

Avoid password prompt

If using "machinectl" mode (default if available), you need the rather new systemd version >=247 and polkit >=0.106 to do this securely.

Create file /etc/polkit-1/rules.d/50-ego-machinectl.rules, polkit will automatically load it (replace <myname> with your own username):

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.machine1.host-shell" &&
        action.lookup("user") == "ego" &&
        subject.user == "<myname>") {
            return polkit.Result.YES;
    }
});

sudo mode

For sudo, add the following to /etc/sudoers (replace <myname> with your own username):

<myname> ALL=(ego) NOPASSWD:ALL

Changelog

Unreleased

Use X11 protocol directly via libxcb. The xhost dependency is no longer needed. (#163)

1.1.7 (2023-06-26)

Distro packaging: added tmpfiles.d conf to create missing ego user home directory (#134, fixed issue #131)
Ego now detects and warns when target user's home directory does not exist or has wrong ownership (#139)
Minimum Supported Rust Version (MSRV) is now 1.64.0 (#116)
Various minor cleanups, replaced unmaintained dependencies, dependency updates.

1.1.6 (2023-01-21)

Updated to clap 4.0.x (#101) and many other dependency updates
Fixes for new clippy lints (#95, #93, #111)
Use snapbox instead of hand-coded snapshot testing (#102)
Minimum Supported Rust Version (MSRV) was determined to be 1.60.0 (#113)

1.1.5 (2022-01-02)

Document xhost requirement, improve xhost error reporting (#76)
Upgrade to clap 3.0.0 stable (#71)

(Version 1.1.4 was yanked, it was accidentally released with a regression)

1.1.3 (2021-11-12)

Pin clap version (fixes #65) (#68)

1.1.2 (2021-05-08)

Enable sudo askpass helper if SUDO_ASKPASS is set (#58)
- Example how to set up a GUI password prompt with sudo: https://askubuntu.com/a/314401
- Note: For a GUI password prompt with the machinectl mode, you need to run a Polkit authentication agent instead

1.1.1 (2021-03-23)

Include drop-in files for polkit, sudoers.d, sysusers.d -- for distro packages (#53)
Documentation tweaks (#51, #53)

1.1.0 (2021-03-07)

Default to machinectl if available, fall back to sudo otherwise (#47)
Documentation & minor improvements (#46, #48)

0.4.1 (2021-01-29)

Fixed --machinectl on Ubuntu, Debian with dash shell (#42)
Fixed error reporting when command execution fails (#43)
Documented how to avoid password prompt with machinectl & other doc tweaks (#41)

0.4.0 (2021-01-29)

Improved integration with desktop environments:
- Launch xdg-desktop-portal-gtk in machinectl session (#6, #31)
- Old behavior is still available via --machinectl-bare switch.
Shell completion files are now auto-generated with clap-generate 3.0.0-beta.2 (#36, #28)
- bash, zsh and fish shells are supported out of the box.
Code reorganization and CI improvements (#21, #23)
Dependency updates (#20, #24, #27, #22, #26, #33, #35, #38, #37, #39)

0.3.1 (2020-03-17)

Improved error message for missing target user (#16)

0.3.0 (2020-03-02)

Initial machinectl support (using --machinectl) (#8)
Updated: posix-acl (#9)

0.2.0 (2020-02-17)

Added zsh completion support (#5)
Added --verbose flag (#4)
Added --user argument and command-line parsing (#3)

0.1.0 (2020-02-13)

Initial version

Appendix

Ego is licensed under the MIT License (see the LICENSE file). Ego was created by Marti Raudsepp. Ego's primary website is at https://github.com/intgr/ego

Thanks to Alexander Payne (myrrlyn) for relinquishing the unused "ego" crate name.

ego's People

Contributors

Stargazers

Watchers

Forkers

jgrussell ego520

ego's Issues

similar concept to my subu scripts

https://github.com/Thomas-Walker-Lynch/subu/tree/master

With the subu scripts, any user can become an administrator to subservient users. Then the user can sit over the top and transfer files between the subservient users, etc. basically be an administrator to them. I ran into ego today because the subservient users share the desk top with the master user.

At some point I imagine setting it up with virtual desktops and gnome tool bars. Right now in my typical mode of use I just run a shell as subu user, typically on its own virtual desktop, then do everything from the command line in the name of the user.

The original 'container' is the user. The user model is baked into the hardware. All virtual pages of user ids. All processes are owned by users and the uid is in a processor register when the process runs, that way assuring the user only gets the correct virtual pages etc. Only supervisor mode code is supposed to be able to change the system, users are supposed to be safe from each other.

If there is something broken with the user model, I would rather fix that instead of adding another virtual layer.

So glad to see this code today. If anyone would like to discuss subu please let me know. We could get on a video call I could share screen shots using it, and discussion the vision of it. If you agree on vision maybe we could fold that in here or something. I have used subu for a long time, just to figure out if it would work out, but you guys look to be further along.

Cannot compile/link using cargo

When I try to install ego using cargo I fail into linking problem like this:

    Updating crates.io index
  Downloaded ego v1.1.3
  Downloaded 1 crate (18.2 KB) in 0.58s
  Installing ego v1.1.3
  Downloaded clap_derive v3.0.0-beta.5
  Downloaded cfg-if v1.0.0
  Downloaded bitflags v1.3.2
  Downloaded hashbrown v0.11.2
  Downloaded shell-words v1.0.0
  Downloaded termcolor v1.1.2
  Downloaded proc-macro-error-attr v1.0.4
  Downloaded proc-macro-error v1.0.4
  Downloaded quote v1.0.10
  Downloaded os_str_bytes v2.4.0
  Downloaded proc-macro2 v1.0.32
  Downloaded users v0.11.0
  Downloaded heck v0.3.3
  Downloaded strsim v0.10.0
  Downloaded vec_map v0.8.2
  Downloaded syn v1.0.82
  Downloaded indexmap v1.7.0
  Downloaded log v0.4.14
  Downloaded unicode-segmentation v1.8.0
  Downloaded version_check v0.9.3
  Downloaded autocfg v1.0.1
  Downloaded ansi_term v0.12.1
  Downloaded clap v3.0.0-beta.2
  Downloaded unicode-width v0.1.9
  Downloaded libc v0.2.108
  Downloaded simple-error v0.2.3
  Downloaded lazy_static v1.4.0
  Downloaded atty v0.2.14
  Downloaded unicode-xid v0.2.2
  Downloaded textwrap v0.12.1
  Downloaded acl-sys v1.2.2
  Downloaded posix-acl v1.0.0
  Downloaded 32 crates (1.6 MB) in 1.00s
   Compiling version_check v0.9.3
   Compiling proc-macro2 v1.0.32
   Compiling unicode-xid v0.2.2
   Compiling libc v0.2.108
   Compiling syn v1.0.82
   Compiling autocfg v1.0.1
   Compiling unicode-segmentation v1.8.0
   Compiling log v0.4.14
   Compiling hashbrown v0.11.2
   Compiling unicode-width v0.1.9
   Compiling cfg-if v1.0.0
   Compiling bitflags v1.3.2
   Compiling os_str_bytes v2.4.0
   Compiling vec_map v0.8.2
   Compiling strsim v0.10.0
   Compiling lazy_static v1.4.0
   Compiling termcolor v1.1.2
   Compiling ansi_term v0.12.1
   Compiling simple-error v0.2.3
   Compiling shell-words v1.0.0
   Compiling textwrap v0.12.1
   Compiling heck v0.3.3
   Compiling indexmap v1.7.0
   Compiling proc-macro-error-attr v1.0.4
   Compiling proc-macro-error v1.0.4
   Compiling quote v1.0.10
   Compiling acl-sys v1.2.2
   Compiling atty v0.2.14
   Compiling users v0.11.0
   Compiling posix-acl v1.0.0
   Compiling clap_derive v3.0.0-beta.5
   Compiling clap v3.0.0-beta.2
   Compiling ego v1.1.3
error: linking with `cc` failed: exit status: 1
  |
  = note: "cc" "-m64" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.0.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.1.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.10.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.11.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.12.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.13.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.14.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.15.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.2.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.3.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.4.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.5.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.6.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.7.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.8.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.ego.8d071c80-cgu.9.rcgu.o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892.3c8bbj738qyjt64j.rcgu.o" "-Wl,--as-needed" "-L" "/tmp/cargo-install1jGYC7/release/deps" "-L" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib" "-Wl,-Bstatic" "/tmp/cargo-install1jGYC7/release/deps/libshell_words-6d8cde0d1fa160cd.rlib" "/tmp/cargo-install1jGYC7/release/deps/libansi_term-adb1bf2f3f2ada2d.rlib" "/tmp/cargo-install1jGYC7/release/deps/libclap-f8f6af50a1ff7b8b.rlib" "/tmp/cargo-install1jGYC7/release/deps/libstrsim-56157f8da5c46ae1.rlib" "/tmp/cargo-install1jGYC7/release/deps/libatty-10a3d583b2d521c3.rlib" "/tmp/cargo-install1jGYC7/release/deps/libtextwrap-c0c5b1a28404a015.rlib" "/tmp/cargo-install1jGYC7/release/deps/libvec_map-6b4c3b1725e929fb.rlib" "/tmp/cargo-install1jGYC7/release/deps/libos_str_bytes-0f139b9412ac0b35.rlib" "/tmp/cargo-install1jGYC7/release/deps/libtermcolor-e396ec365feb22cd.rlib" "/tmp/cargo-install1jGYC7/release/deps/libunicode_width-46343b86e3578057.rlib" "/tmp/cargo-install1jGYC7/release/deps/libindexmap-a210143ebcefbef8.rlib" "/tmp/cargo-install1jGYC7/release/deps/libhashbrown-25852e0a38341337.rlib" "/tmp/cargo-install1jGYC7/release/deps/libbitflags-90f2f40657e59023.rlib" "/tmp/cargo-install1jGYC7/release/deps/liblazy_static-4ce2692cf509fca4.rlib" "/tmp/cargo-install1jGYC7/release/deps/libusers-c9ceafa4019d1cb0.rlib" "/tmp/cargo-install1jGYC7/release/deps/libposix_acl-0f4564f923a774bf.rlib" "/tmp/cargo-install1jGYC7/release/deps/libacl_sys-d815fcc8bcd39a43.rlib" "/tmp/cargo-install1jGYC7/release/deps/liblibc-3745f9687763d979.rlib" "/tmp/cargo-install1jGYC7/release/deps/liblog-2e09ba68e4cfc97d.rlib" "/tmp/cargo-install1jGYC7/release/deps/libcfg_if-184c0cb368c4a9a4.rlib" "/tmp/cargo-install1jGYC7/release/deps/libsimple_error-057a53871322a648.rlib" "-Wl,--start-group" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-80e93fdce0e07191.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_unwind-afc915bdb6d0e22d.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libminiz_oxide-39ad5955e7991302.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libadler-bdd48dfc264b895e.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libobject-c5109c0973e5fe4e.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libmemchr-2869dcb69afb077d.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libaddr2line-fe8f3134840b90af.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgimli-8850b1ce86703d17.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd_detect-a847067360eb6d27.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_demangle-0f1db72e8fa83438.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libhashbrown-026f3313fd42d2af.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_alloc-210b215ebb73db0d.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind-12f7d0d77dd8b19a.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcfg_if-4fbb8ffc106bfc4c.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc-38bf3d486932adee.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc-710c45c9c22cc017.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_core-d50abeceb37839d2.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore-d4ecb56d66d52b71.rlib" "-Wl,--end-group" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins-193639af6eef1fd0.rlib" "-Wl,-Bdynamic" "-lacl" "-lgcc_s" "-lutil" "-lrt" "-lpthread" "-lm" "-ldl" "-lc" "-Wl,--eh-frame-hdr" "-Wl,-znoexecstack" "-L" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib" "-o" "/tmp/cargo-install1jGYC7/release/deps/ego-4b26ac27f5437892" "-Wl,--gc-sections" "-pie" "-Wl,-zrelro" "-Wl,-znow" "-Wl,-O1" "-nodefaultlibs"
  = note: /usr/bin/ld: cannot find -lacl
          collect2: error: ld returned 1 exit status
          

error: failed to compile `ego v1.1.3`, intermediate artifacts can be found at `/tmp/cargo-install1jGYC7`

Caused by:
  could not compile `ego` due to previous error

"Can't open display" on KDE Plasma + Wayland

I cannot run any program with ego on KDE Plasma Wayland session). It fails with Can't open display.

Log:

$ ego -vvvvvvv xterm
[ego::logging] Log level TRACE
[users::base] Running getpwnam_r for user "ego"
[users::base] Loading user with uid 951
Setting up Alter Ego for user ego (951)
Runtime data dir '/run/user/1000' configured
Wayland socket '/run/user/1000/wayland-0' configured
X11 configured to allow +si:localuser:ego
Publishing PulseAudio cookie /home/cuihao/.config/pulse/cookie to /run/user/1000/ego/pulse-cookie
PulseAudio dir '/run/user/1000/pulse' configured
Running command: machinectl shell '--uid=ego' '-EWAYLAND_DISPLAY=/run/user/1000/wayland-0' '-EDISPLAY=:1' '-EPULSE_SERVER=unix:/run/user/1000/pulse/native' '-EPULSE_COOKIE=/run/user/1000/ego/pulse-cookie' -- .host /bin/sh -c 'dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY PULSE_SERVER PULSE_COOKIE; systemctl --user start xdg-desktop-portal-gtk; exec xterm'
Connected to the local host. Press ^] three times within 1s to exit session.
xterm: Xt error: Can't open display: :1
Connection to the local host terminated.

Similar error when running in sudo mode (--sudo).

In the meanwhile, under Xorg session, ego works without problem.

Environment:

Arch Linux
Kernel: 5.14.16-zen1-1-zen
KDE Plasma: 5.23.3
ego 1.1.2-1 from AUR

`ego` user home directory not created by AUR package

Arch Linux
ego v1.1.5
Tested applications: Logseq , Joplin, VS Code.

Document the differences between sudo and machinectl modes

This is not properly explained anywhere, although mentioned in README and the sudo fallback warning

warning: machinectl (systemd-container) is not installed
warning: Falling back to 'sudo', some desktop integration features may not work

IIRC:

Can't use xdg-desktop-portal with sudo mode. What services does it provide and which applications use them?
GNOME Files had issues without xdg-desktop-portal?

Revoke guest user access after exiting?

This isn't very interesting for my use cases, but it might be prudent to clean up and remove the access that ego has granted after processes have quit.

However, if two ego processes are running and one quits, we shouldn't clean up until the second quits as well. So it seems we would need to store some state.

So this low priority, until I figure out a clean and simple way to solve this, or someone demonstrates an important use case for it.

binary release?

A github release with a precompiled linux binary would be nice :-)

avoiding password prompt with ego user other than `ego` itself (machinectl)

While the following:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.machine1.host-shell" &&
        action.lookup("user") == "ego" &&
        subject.user == "user") {
            return polkit.Result.YES;
    }
});

works for avoiding the password prompt when switching to the ego user, replacing "ego" with a different user (that is also a member of the ego group and can be controlled using ego) results in the password prompt being required

Lack of access to USB

Summary

Application run by ego doesn't have access to USB devices

Expected behavior

Application should be able to access USB devices with some run parameter

Steps to reproduce

Start application as another user (eg. ego --user=user2 firefox)
Try to access USB camera (eg. in discord) or other USB (eg. U2F Key)
Application doesn't see USB devices
If I login normally through gdm3 I can access USB devices without an issue

error's with ego + bubblejail

I've narrowed down a few thing to getting these two to work together. Mainly that the primary user needs to run sudo chmod +rwx in any bubblejail instance folders in ego's .local/bubblejail directory. However, it seems that whenever bubblejail tries to create a folder I get this error

Connected to the local host. Press ^] three times within 1s to exit session.
Failed to start xdg-desktop-portal-gtk.service: Unit xdg-desktop-portal-gtk.service not found.
bwrap: Can't mkdir /home/ego/Downloads: Permission denied
Traceback (most recent call last):
File "/usr/bin/bubblejail", line 32, in <module>
bubblejail_main()
File "/usr/lib/bubblejail/python_packages/bubblejail/bubblejail_cli.py", line 243, in bubblejail_main
func(**args_dict)
File "/usr/lib/bubblejail/python_packages/bubblejail/bubblejail_cli.py", line 111, in run_bjail
async_run(
File "/usr/lib/python3.11/asyncio/runners.py", line 190, in run
return runner.run(main)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/asyncio/runners.py", line 118, in run
return self._loop.run_until_complete(task)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/asyncio/base_events.py", line 653, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "/usr/lib/bubblejail/python_packages/bubblejail/bubblejail_instance.py", line 255, in async_run_init
raise BubblewrapRunError((
bubblejail.exceptions.BubblewrapRunError: Bubblewrap failed. Try running bubblejail in terminal to see the exact error.
Connection to the local host terminated.

Also I get this from just running ego
Failed to start xdg-desktop-portal-gtk.service: Unit xdg-desktop-portal-gtk.service not found. which might be related to this error error: Env variable XDG_RUNTIME_DIR unset when running sudo ego bubblejail run FireDragon FireDragon being a bubblejail instance

for reference, these do work when used separately. I'm on Garuda Linux with the KDE desktop

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

fix(deps): update cargo patch (anstyle, clap, clap_complete, log, simple-error, snapbox)
chore(deps): lock file maintenance

Detected dependencies

cargo

Cargo.toml

simple-error 0.3.0

posix-acl 1.2.0

clap ~4.5.4

log 0.4.20

shell-words 1.1.0

nix 0.29.0

anstyle 1.0.4

xcb 1.4.0

clap_complete ~4.5.2

snapbox 0.6.7

testing_logger 0.1.1

dockerfile

varia/Dockerfile.tests

github-actions

.github/workflows/audit.yml

actions/checkout v4

actions-rs/audit-check v1

.github/workflows/tests.yml

actions/checkout v4

Check this box to trigger a request for Renovate to run again on this repository

Signal-Desktop fails to start as a second user

I was hoping to run two instances of Signal-Desktop, one as my work account/phone number and one as my personal account/phone number, but the second instance will not start.

$ ego -u [user] signal-desktop
warning: machinectl (systemd-container) is not installed
warning: Falling back to 'sudo', some desktop integration features may not work
[sudo] password for [user]: 
mkdir: cannot create directory '/run/user/1000': Permission denied
NODE_ENV production
NODE_CONFIG_DIR /snap/signal-desktop/364/opt/Signal/resources/app.asar/config
NODE_CONFIG {}
ALLOW_CONFIG_MUTATIONS undefined
HOSTNAME undefined
NODE_APP_INSTANCE undefined
SUPPRESS_NO_CONFIG_WARNING undefined
SIGNAL_ENABLE_HTTP undefined
userData: /home/[snap]/snap/signal-desktop/364/.config/Signal
config/get: Successfully read user config file
Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop' }
x-attr dependency did not load successfully
config/get: Successfully read ephemeral config file
making app single instance
quitting; we are the second instance

It looks like I'm using the snap version of Signal-Desktop.

Gtk-WARNING **: 09:53:52.943: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/bullet-symbolic.svg

root@imx8mp-lpddr4-evk:~# paprefs

(paprefs:1751): Gtk-WARNING **: 09:53:52.943: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/bullet-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
root@imx8mp-lpddr4-evk:~# pavucontrol

(pavucontrol:1772): Gtk-WARNING **: 09:54:09.895: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/check-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
unable to fix this issue, Target board is imx8mplus evk

Teams does not run directly, but works via bash

I installed ego, and I get the following output but the program is not run...

(base) user_1@laptop:~$ ego -v -v -v -v -v --user=user_2 teams

[ego::logging] Log level TRACE
[users::base] Running getpwnam_r for user "user_2"
[users::base] Loading user with uid 1001
Setting up Alter Ego for user user_2 (1001)
Runtime data dir '/run/user/1000' configured
Wayland: WAYLAND_DISPLAY not set, skipping
X11 configured to allow +si:localuser:user_2
Publishing PulseAudio cookie /home/user_1/.config/pulse/cookie to /run/user/1000/ego/pulse-cookie
PulseAudio dir '/run/user/1000/pulse' configured
Running command: machinectl shell '--uid=user_2' '-EDISPLAY=:0' '-EPULSE_SERVER=unix:/run/user/1000/pulse/native' '-EPULSE_COOKIE=/run/user/1000/ego/pulse-cookie' -- .host /bin/sh -c 'dbus-update-activation-environment --systemd DISPLAY PULSE_SERVER PULSE_COOKIE; systemctl --user start xdg-desktop-portal-gtk; exec teams'
Connected to the local host. Press ^] three times within 1s to exit session.

Connection to the local host terminated.

Any thoughts??

Investigate Steam download issue

Experienced this yesterday, may be caused by ego.

GUI for password prompt

First of all, thanks for making this.

I'm currently using it with an i3 fork that changes the border based on the user that owns the window. This makes ego really useful for GUI apps, since I can just call ego --user=xxx dmenu_run to start something as another user, and have a light sandbox that's more convenient than running Qubes OS (and also loses most of the security benefits, lol).

But, when you're using ego outside of a terminal, you can't see the password prompt. It would be great to add a password prompt window (my lazy self thinks of using the dialog utility, but that's an external dependency).

Any thoughts on this?

PulseAudio socket loses ACL periodically

Need to investigate. Seems to happen at an interval somewhere between 1 hour to a day. Does pulse re-create its sockets?

No sound in sudo mode?

Hello,

I am using Ubuntu 20.04 with Wayland. My use case is that I have a work and personal account and want to run a window of Firefox as my personal user (with all my bookmarks, history etc) in my work session.

I ran:

sudo apt install libacl1-dev
cargo install ego
sudo cp ~/.cargo/bin/ego /usr/local/bin/
sudo useradd ego --uid 155 --create-home
ego -u [username]-personal firefox

It gives the following warnings:

warning: machinectl (systemd-container) is not installed
warning: Falling back to 'sudo', some desktop integration features may not work

Firefox seems to be working fine (I'm using it now), but I have no sound, which is the problem I was trying to solve with ego over and above running firefox using xhost and sudo manually. Does sound to pulseaudio only work with "machinectl" mode?

XDG_RUNTIME_DIR unset when using sudo

Apparently (at least on some distros), using sudo does not trigger the pam_systemd module. This causes issues with software that relies on D-Bus and other session services (e.g. dconf).

It seems that most applications are fine with this, but some functionality may be broken.

An alternative would be to use ssh or "machinectl shell" (https://unix.stackexchange.com/questions/346841/why-does-sudo-i-not-set-xdg-runtime-dir-for-the-target-user)

The downside is that these lack simple configuration for paswordless use.

That also opens a new can of worms: Gnome applications will hang for some seconds on startup because they expect xdg-desktop-portal-gtk, which fails to start, presumably because env vars haven't been injected at that point.

xdg-desktop-portal-gtk[524663]: Unable to init server: Could not connect: Connection refused
xdg-desktop-por[524663]: cannot open display:

Running /usr/lib/xdg-desktop-portal-gtk manually from the shell solves that issue.

ego kills terminal

Hi!

I start a second user session like this, on Fedora 35:

ego -u guest --sudo gnome-terminal

Works mostly fine (beside that the audio forwarding does not work reliably, but I can live with that).

From the gnome-terminal I then start other software, e.g. google-chrome, etc.

Now, I had the effect always, but lately, it has gone from seldom to almost daily, that the gnome-terminal dies at some point, taking with it all started programs.

More funny is that the terminal tab of the host account where I launched ego is also gone.

I can understand that the “child programs” get terminated for whatever reason, but I personallly do not understand the mechanism how the terminal that ego was started in gets killed?

GTK applications (including Firefox) are slow to start with GNOME 44

If you also experience this bug, please add a 👍 reaction.

With some recent-ish updates, GTK applications are quite slow to start up, waiting for 25+ seconds before opening any Windows appear.

Sorry, I haven't had time to finish investigating this. But it looks related to xdg-desktop-portal changes in GNOME version 44.

% G_MESSAGES_DEBUG=all gedit
[...]
(gedit:254958): Gtk-DEBUG: 20:29:55.622: Connecting to session manager
(gedit:254958): Gtk-DEBUG: 20:29:55.622: Failed to get the GNOME session proxy: The name org.gnome.SessionManager is not owned
(gedit:254958): Gtk-DEBUG: 20:29:55.623: Failed to get the Xfce session proxy: The name org.xfce.SessionManager is not owned
[---- 25 s delay ----]
(gedit:254958): Gtk-DEBUG: 20:30:20.641: Failed to get an inhibit portal proxy: Error calling StartServiceByName for org.freedesktop.portal.Desktop: Timeout was reached

journal output:

systemd[251317]: Current graphical user session is inactive.
systemd[251317]: Dependency failed for Portal service (GNOME implementation).
systemd[251317]: xdg-desktop-portal-gnome.service: Job xdg-desktop-portal-gnome.service/start failed with result 'dependency'.

Joplin-desktop snap fails to start with ego

Hello,

I think ego is great, thank you for your work.

If I try to run joplin-desktop (a snap installed on my 22.04 system), I get an error that the scope is not a snap cgroup:

$ ego -u username joplin-desktop
warning: machinectl (systemd-container) is not installed
warning: Falling back to 'sudo', some desktop integration features may not work
/user.slice/user-1001.slice/[email protected]/app.slice/app-org.gnome.Terminal.slice/vte-spawn-3a9c849b-30e2-43d6-977e-4ff8e5d1299b.scope is not a snap cgroup

This did used to work for me (only for a day or something, as I only just upgraded), but I suspect the issue is on the snap side.

Do you know if snaps should work with ego?

Add PipeWire camera/screen sharing support

Hopefully it's possible to implement this with filesystem ACLs, just like PulseAudio/Wayland.

Haven't looked into this in detail yet.

Can't run any program

Hi, I get this error every time I try to launch a program with ego

Setting up Alter Ego for user ego (155)
error: Error preparing X11: No such file or directory (os error 2)

I am on Gentoo using Sway and Wayland with Xwyaland installed. I do not have xorg installed.

Wishlist

List of "maybe" features to implement:

Ego Boost: a user interface for creating ego launchers, custom .desktop files?
Can xhost be replaced with a built-in solution?
Integration tests for full ego --sudo & ego --machinectl behavor. (#45)
Get rid of XDG_RUNTIME_DIR requirement for command-line-only usage

Doas support

Are there any plans to support doas besides sudo? I want to use ego in dmenu/tofi scripts, but I can't use ego in these scripts without sudo/doas, and I don't use sudo on my personal machines, if doas support is not so simple to do, is there any idea how to avoid this:

==== AUTHENTICATING FOR org.freedesktop.machine1.host-shell ====
Authentication is required to acquire a shell on the local host.
Multiple identities can be used for authentication:
 1.  ...
 2. ...
Choose identity to authenticate as (1-6): 2
Password:
==== AUTHENTICATION COMPLETE ====

I want something like this: ego --user $user --user_password $user_password $command

Fails to compile

Hi, I'm getting the following errors

Compiling ego v1.1.2 error[E0599]: no variant or associated item namedDisableVersionfound for enumAppSettingsin the current scope --> /home/fabio/.cargo/registry/src/github.com-1ecc6299db9ec823/ego-1.1.2/src/cli.rs:23:31 | 23 | .setting(AppSettings::DisableVersion) | ^^^^^^^^^^^^^^ | | | variant or associated item not found inAppSettings| help: there is a variant with a similar name:DisableVersionFlag`

error[E0599]: no variant or associated item named ColoredHelp found for enum AppSettings in the current scope
--> /home/fabio/.cargo/registry/src/github.com-1ecc6299db9ec823/ego-1.1.2/src/cli.rs:24:31
|
24 | .setting(AppSettings::ColoredHelp)
| ^^^^^^^^^^^ variant or associated item not found in AppSettings

For more information about this error, try rustc --explain E0599.
error: failed to compile ego v1.1.2, intermediate artifacts can be found at /tmp/cargo-installYiEjMx

Caused by:
could not compile ego due to 2 previous errors
`
I'm using rust 1.55.0 on gentoo since the stable version was giving errors during clap compile.

Cannot locate PulseAudio cookie

Hi,
I have problem using ego on Debian 12 when trying to run any app (I want to use it for linphone)

root@host:~# ego ./Linphone-5.1.2.AppImage
error: Error preparing PulseAudio: Cannot locate PulseAudio cookie (tried $PULSE_COOKIE, ~/.config/pulse/cookie, ~/.pulse-cookie)

How to get controllers working in steam?

How do you get controllers working with steam using ego? Steam doesn't detect the dualshock 4 I am using.