SUMMARY: User: "Let'im in!" - X11: "No I won't!"

From: Jochen Bern (bern@kleopatra.Uni-Trier.DE)
Date: Wed Jan 19 1994 - 09:31:26 CST


Another quick one for the more experienced SUN Managers ... I wrote:

> this has been annoying me ever since, and RIGHT NOW I'm in the Mood to
> get mad about it. I usually log in as myself and use sudo and the like
> to do minor Admin Jobs. However, when Things get serious, I "become"
> root (su or rlogin -l). The Trouble is with X11 and xhost. I add and
> add and end up with this:

[humunguous List of user@... xhost Entries]

> However, when root tries to access the Display:

[Access denied]

> However, as soon as I add kleopatra (twisting my own Arm to do so :-( ),
> everything works.
>
> Who's doing wrong here and what?

It was pointed out to me that this is nothing special about OW but common
for (older) X11 Releases. In Fact, one of OWs biggest Pluses is that it
usually *doesn't* follow X11 Specs in this, instead it uses the xauth(1)
Mechanism. Thus, the_wise_Thing (tm) to do is something along the Lines of:

kleopatra:/home/TI/bern% whoami
bern
kleopatra:/home/TI/bern% xhost
access control enabled (only the following hosts are allowed)
kleopatra:/home/TI/bern% su
Password:
kleopatra:/home/TI/bern# setenv DISPLAY :0
kleopatra:/home/TI/bern# setenv XAUTHORITY ~bern/.Xauthority

which allows root (who, of course, can read ~bern/.Xauthority) to display.

Since some People didn't know why I'm not fond of "xhost +localhost",
let me point that out, too: This allows ANYBODY on the local Host to
fumble around with your X11 Server, not only to display whatever he
chooses, he can even monitor X11 Events like Mouse Movements and
Keystrokes! Rather bad if you continue to su ...

Regards,
                                                                        J. Bern



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:54 CDT