非root用户不能登录CDE的问题

非root用户不能登录CDE的问题

环境

问题 非root用户不能登录CDE；在输入用户名和口令后，经过短暂的黑屏，又回到了登录界面。

在登录失败的用户的主目录下的.dt/startlog文件中可见以下错误信息： --- /usr/dt/bin/Xsession starting... --- Xsession started by dtlogin

--- sourcing /home/oracle/.dtprofile...

--- sourcing /usr/dt/config/Xsession.d/0010.dtpaths... --- sourcing /usr/dt/config/Xsession.d/0030.dttmpdir... --- sourcing /usr/dt/config/Xsession.d/0040.xmbind... --- sourcing /usr/dt/config/Xsession.d/0050.dtxmodmap... 1356-203 xmodmap: Unable to open display: :0. --- starting /usr/dt/bin/dthello & --- starting /usr/dt/bin/dtsearchpath /usr/dt/bin/dthello: can′t open display --- starting /usr/dt/bin/dtappgather &

--- execing /usr/dt/bin/dtsession using /home/oracle/.profile... Error: Can′t open display: :0.0

--- Tooltalk Message Server did not start within timeout specified. --- Launching Xfailsafe_tooltalk_error to correct problems. 1356-265 /usr/bin/X11/xsetroot: Unable to open display: :0.0. mwm: 2053-015 Could not open display.

1356-203 xmodmap: Unable to open display: :0.0. Error: Couldn′t find per display information

解答 在这种情况下请检查操作系统安装日志（alog -t bosinst -o）。如果在日志中发现TCB和CAPP/EAL4+被启用，则可确认TCB和CAPP/EAL4+是导致问题的原因。

TCB和CAPP/EAL4+会修改很多系统文件的权限以实现极为严格的安全环境。在这种环境下，非root用户不能登录CDE。下面是安装日志中启用CAPP/EAL4+的体现：

Finishing CAPP/EAL4+ Technology configuration...

1). Search patches directory

2). Remove /dev/echo from /etc/pse.conf 3). Instantiate streams devices

4). Set permissions on BSD-style ptys to 000

5). Remove non-CC technology entries from inetd.conf 6). Update CC technology status in sysck.cfg

7). Change administrative commands to be executable by root only

要停止使用CAPP/EAL4+，请重新安装操作系统并不要选择启用TCB。