From: no_reply@dipl-ing-kessler.de   
      
   It seems that what I've described is a common problem coming along with   
   every "snap"-ed application. No real solution in sight, at least no   
   approach regarding the root cause.   
      
   But there is a workaround: Besides snapd-related "chromium browser" there   
   is also a non-snap version "chromium" (not to confuse with "chrome" which   
   is closed source, coming from google).   
      
   I removed the first one and installed the non-snap one.   
   Now, everything works as needed.   
      
   Markus   
      
      
      
      
      
      
   On Mon, 1 Jan 2024 18:50:07 -0000 (UTC) Markus Robert Kessler wrote:   
      
   > Hi all,   
   >   
   > some days ago I wrote here about su- / xauth solution:   
   >   
   >> I have suspected pam authentication already, and in the meantime I   
   >> compared Mageia and Raspbian more deeply regarding the entries in /etc/   
   >> pam.d.   
   >>   
   >> I found out, that adding this line   
   >>   
   >> session         optional        pam_xauth.so   
   >>   
   >> to the front of /etc/pam.d/su   
   >>   
   >> solves this issue. I've also tested this on Ubuntu successfully.   
   >   
   > Fine.   
   >   
   > I can 'su - newuser' to invoke every other GUI based application like   
   > xclock or even firefox running under a different UID.   
   >   
   > Except chromium browser. There I get the following:   
   >   
   >     [14 dimke@ubuntu-bc-esp1 ~]$ su - test1 Password:   
   >   
   >     [7 test1@ubuntu-bc-esp1 ~]$ chromium-browser   
   >     /user.slice/user-1000.slice/session-3.scope is not a snap cgroup   
   >   
   > So, this is obviously caused by some kind of "snap" mechanism, which   
   > chromium is build up on.   
   >   
   > And, yes, I know that a compromised desktop will not prevent a 'su -   
   > newuser'-ed session within the same desktop from being monitored or   
   > hacked.   
   >   
   > But, I try to keep my different accounts apart from each other to avoid   
   > interference and other side effects like overwriting.   
   >   
   > Should one try to get a non-snap-version, or can this issue be solved   
   > somehow?   
   >   
   > Thanks!   
   >   
   > Best regards,   
   >   
   > Markus   
      
      
      
   --   
   Please reply to group only.   
   For private email please use http://www.dipl-ing-kessler.de/email.htm   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)