on Mon, Nov 19, 2001 at 03:11:03PM -0700, Gary Hennigan ([EMAIL PROTECTED]) wrote: > DvB <[EMAIL PROTECTED]> writes: > > David Wright <[EMAIL PROTECTED]> writes: > > > > > When troubleshooting on RedHat, I often log in to a X session as a user, > > > then su to root in an xterm and run ethereal (a packet-sniffer with GUI) > > > to watch the network traffic that results from my actions as a user. > > > > > > I would like to do this on Debian, but when I try to start ethereal, I get > > > the error message: > > > Xlib: Client is not authorized to connect to Server > > > Apparently root is not allowed to display to a user's X session. How can I > > > allow this? > > > > > > 'xhost +localhost' should fix the problem (this allows connections to > > your x session from your local machine). > > If you use this just make sure you're the only one on the machine, or > that everyone that has an account on your machine is "trusted". It > completely opens up your entire X session to anyone on > "localhost". Nothing wrong with that, as long as you're aware that > that is the case. > > My preferred solution is to su to root and do: > > export XAUTHORITY=~myusername/.Xauthority ;export DISPLAY=:0.0 > > I think there are still some security concerns even with this, but > it's better than "xhost + localhost", as far as security goes anyway. > > The other option is to get the "Magic Cookie" of your xsession. The > sequence would be something like: > > % xauth list > junk/unix:0 MIT-MAGIC-COOKIE-1 a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7 > 192.168.1.1 MIT-MAGIC-COOKIE-1 a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7 > % su - > Password: > root% xauth add 192.168.1.1 MIT-MAGIC-COOKIE-1 > a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7 > root% export DISPLAY=192.168.1.1:0 > > I think that's the best approach if you're up-tight about security.
I'd pick a variant of your second which is IMO both easier and more secure than allowing another user to specify root's Xauth file: $ xauth merge ~user/.Xauthority ...will give root all the cookies in a user's xauth database. > Of course if you're really up-tight about security you wouldn't be > using X at all! ;) Y? ;^) -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html
pgpo1VYjIWx68.pgp
Description: PGP signature