On Tuesday 26 May 2015 23:52:38 D. R. Evans wrote: > David Wright wrote on 05/26/2015 04:16 PM: > > When I ssh to a remote machine as myself, DISPLAY is set to > > localhost:10.0 (11, 12, etc) and AIUI X clients find my local X server > > through the encrypted ssh connection. Because the authority file on the > > remote host is in its standard location, namely ~/.Xauthority, the > > parameter XAUTHORITY is left unset. > > > > If I now switch to root (I don't use sudo for this, but /bin/su -) > > root needs to be given XAUTHORITY=/home/foo/.Xauthority so it can > > find that file, eg, > > # XAUTHORITY=/home/foo/.Xauthority xeyes > > > > So I think what you need to do is set XAUTHORITY (redundantly) for > > youself when you ssh, and then it will get passed to root because > > of -E. Or you can pass it just like HOME, but that's more typing. > > If I understand you correctly, I think that you are saying that: > n7dr@shack:~$ AUTHORITY=/home/n7dr/.Xauthority HOME=/root sudo -E xterm > should work (although I admit that I don't understand I'm why it should > work, since /home/n7dr/.Xauthority is identical to /root/.Xauthority). > > Anyway; unfortunately: > > n7dr@shack:~$ AUTHORITY=/home/n7dr/.Xauthority HOME=/root sudo -E xterm > X11 connection rejected because of wrong authentication. > > > However, I have to point out that I never run graphical clients as > > root because I don't trust them. > > Fair enough, but the machine in question is on a private network and I have > been doing this (in particular, ssh + synaptic for package control) for > more years and distributions than I care to admit, so I very much want to > continue to do so. This is the first time I've found that I can't do it by > default after installing a new distro. Which is fine; I understand that > this protection is a configuration decision by debian; but even so, there > must be some way to get non-default behaviour.
There is. I'm sorry that I don't know it. Wait a bit and someone who knows is bound to come on line. I'll see if I can find out on any of my other lists. But when I get up in the morning - I'm on my way to bed. (GMT +1) You aren't the only one perverse enought to want to do it. ;-) Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201505270004.24825.lisi.re...@gmail.com
