allowing X display from su'd environment
Hi! Yogesh Sharma wrote: > > I am using woody + testing + some unstable: > > in xterm/gnome-terminal usually I do (as normal user) xhost + Matt Zimmerman écrivait : > This disables access control in the X server. This is, almost always, a > very bad idea. A better way to allow it (when you switch from normal to root user) : [EMAIL PROTECTED]:~$ su - [EMAIL PROTECTED]:~# xauth merge ~test/.Xauthority [EMAIL PROTECTED]:~# export DISPLAY=:0.0 [EMAIL PROTECTED]:~# xterm# or whatever Xwindow program you want to run I can remember there was some 'su' feature doing it automagically somewhere (with RedHat, Mandrake or another one)... Cheers, J.C. -- Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ Coordonnateur technique régional / Associé principal technologie projet Reflets Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) / Note personnelle : merci d'évitez de m'envoyer des fichiers PowerPoint ou \ \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html /
allowing X display from su'd environment
Hi! Yogesh Sharma wrote: > > I am using woody + testing + some unstable: > > in xterm/gnome-terminal usually I do (as normal user) xhost + Matt Zimmerman écrivait : > This disables access control in the X server. This is, almost always, a > very bad idea. A better way to allow it (when you switch from normal to root user) : test@localhost:~$ su - root@localhost:~# xauth merge ~test/.Xauthority root@localhost:~# export DISPLAY=:0.0 root@localhost:~# xterm # or whatever Xwindow program you want to run I can remember there was some 'su' feature doing it automagically somewhere (with RedHat, Mandrake or another one)... Cheers, J.C. -- Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ Coordonnateur technique régional / Associé principal technologie projet Reflets Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) / Note personnelle : merci d'évitez de m'envoyer des fichiers PowerPoint ou \ \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html / -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: chrooting apache[ssl,php,perl] and some mta
On Sat, Nov 09, 2002 at 12:32:40AM -0200, Henrique de Moraes Holschuh wrote: > > You could have a proper MTA outside the chroots (like postfix or exim). And > a bogus, stupid, cat-it-to-localhost-port-25 MTA inside the chroot, like > ssmtp :-) ok, that sounds better to me than unnecessary bloating my chroot environment. -- greetings /*/ michael ablassmeier
Re: chrooting apache[ssl,php,perl] and some mta
On Sat, 09 Nov 2002, Michael Ablassmeier wrote: > i did some apache chroot environment (php,perl,ssl), and now > some users want to use the php "mail" command, so i have to > include some mta into the chroot. You could have a proper MTA outside the chroots (like postfix or exim). And a bogus, stupid, cat-it-to-localhost-port-25 MTA inside the chroot, like ssmtp :-) -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Re: chrooting apache[ssl,php,perl] and some mta
This one time, at band camp, Michael Ablassmeier said: > hi !.. > > i did some apache chroot environment (php,perl,ssl), and now > some users want to use the php "mail" command, so i have to > include some mta into the chroot. > As far as i know, Sendmail is not a good candiate to chroot. > > What mta would you prefer ? > Any hints for me ? > Thanx ! > -- > greetings /*/ michael ablassmeier I've never set it up myself, but postfix looks like it's fairly easy to do that with, and many people recommend it as a simple, flexibale and secure MTA. Steve -- Grandpa Charnock's Law: You never really learn to swear until you learn to drive. [I thought it was when your kids learned to drive. Ed.] pgpggUqafYIHB.pgp Description: PGP signature
chrooting apache[ssl,php,perl] and some mta
hi !.. i did some apache chroot environment (php,perl,ssl), and now some users want to use the php "mail" command, so i have to include some mta into the chroot. As far as i know, Sendmail is not a good candiate to chroot. What mta would you prefer ? Any hints for me ? Thanx ! -- greetings /*/ michael ablassmeier
Re: chrooting apache[ssl,php,perl] and some mta
On Sat, Nov 09, 2002 at 12:32:40AM -0200, Henrique de Moraes Holschuh wrote: > > You could have a proper MTA outside the chroots (like postfix or exim). And > a bogus, stupid, cat-it-to-localhost-port-25 MTA inside the chroot, like > ssmtp :-) ok, that sounds better to me than unnecessary bloating my chroot environment. -- greetings /*/ michael ablassmeier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: chrooting apache[ssl,php,perl] and some mta
On Sat, 09 Nov 2002, Michael Ablassmeier wrote: > i did some apache chroot environment (php,perl,ssl), and now > some users want to use the php "mail" command, so i have to > include some mta into the chroot. You could have a proper MTA outside the chroots (like postfix or exim). And a bogus, stupid, cat-it-to-localhost-port-25 MTA inside the chroot, like ssmtp :-) -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: chrooting apache[ssl,php,perl] and some mta
This one time, at band camp, Michael Ablassmeier said: > hi !.. > > i did some apache chroot environment (php,perl,ssl), and now > some users want to use the php "mail" command, so i have to > include some mta into the chroot. > As far as i know, Sendmail is not a good candiate to chroot. > > What mta would you prefer ? > Any hints for me ? > Thanx ! > -- > greetings /*/ michael ablassmeier I've never set it up myself, but postfix looks like it's fairly easy to do that with, and many people recommend it as a simple, flexibale and secure MTA. Steve -- Grandpa Charnock's Law: You never really learn to swear until you learn to drive. [I thought it was when your kids learned to drive. Ed.] msg07645/pgp0.pgp Description: PGP signature
chrooting apache[ssl,php,perl] and some mta
hi !.. i did some apache chroot environment (php,perl,ssl), and now some users want to use the php "mail" command, so i have to include some mta into the chroot. As far as i know, Sendmail is not a good candiate to chroot. What mta would you prefer ? Any hints for me ? Thanx ! -- greetings /*/ michael ablassmeier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
On Fri, Nov 08, 2002 at 10:53:10AM -0800, Yogesh Sharma wrote: > > xhost is for working with connections coming over tcp. :0.0 uses > > a named socket (/tmp/Xsomething), and Debian's X servers don't listen > > in on a tcp socket by default (security. No chance of someone sniffing > > your password if nobody can connect remotely!). Thus, xhost won't work. > > > > I am using woody + testing + some unstable: > > in xterm/gnome-terminal usually I do (as normal user) > xhost + This disables access control in the X server. This is, almost always, a very bad idea. -- - mdz
Re: XFree86 4.2 bug in Debian Testing
Indeed. My mistake. I just verified that X wasn't listening in to tcp/6000, xhost +'ed, and su -'ed, setup the display variable, and it worked. NM. I'm wrong. Seems something on this guy's end is borken. -Joseph -- [EMAIL PROTECTED] "As far as Microsoft, we will never take a company lightly that can put $3bn in cash in the bank every quarter." --Mark Tolliver, Sun Microsystems
Re: XFree86 4.2 bug in Debian Testing
On Fri, 2002-11-08 at 11:42, Joseph Pingenot wrote: > xhost is for working with connections coming over tcp. :0.0 uses > a named socket (/tmp/Xsomething), and Debian's X servers don't listen > in on a tcp socket by default (security. No chance of someone sniffing > your password if nobody can connect remotely!). Thus, xhost won't work. > Try.. xhost + 'local:*' -- David Stanaway
Re: XFree86 4.2 bug in Debian Testing
> xhost is for working with connections coming over tcp. :0.0 uses > a named socket (/tmp/Xsomething), and Debian's X servers don't listen > in on a tcp socket by default (security. No chance of someone sniffing > your password if nobody can connect remotely!). Thus, xhost won't work. > I am using woody + testing + some unstable: in xterm/gnome-terminal usually I do (as normal user) xhost + su - as root export DISPLAY=:0.0 and all X programs works signature.asc Description: This is a digitally signed message part
Re: XFree86 4.2 bug in Debian Testing
On Fri, Nov 08, 2002 at 10:53:10AM -0800, Yogesh Sharma wrote: > > xhost is for working with connections coming over tcp. :0.0 uses > > a named socket (/tmp/Xsomething), and Debian's X servers don't listen > > in on a tcp socket by default (security. No chance of someone sniffing > > your password if nobody can connect remotely!). Thus, xhost won't work. > > > > I am using woody + testing + some unstable: > > in xterm/gnome-terminal usually I do (as normal user) > xhost + This disables access control in the X server. This is, almost always, a very bad idea. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
>From Ivan Brezina on Friday, 08 November, 2002: >Another possibility is: >su -c vim-gtk >you can also use xhost +username for allowing users to connect to our >Xserver. But this does not work for me on Debian. xhost is for working with connections coming over tcp. :0.0 uses a named socket (/tmp/Xsomething), and Debian's X servers don't listen in on a tcp socket by default (security. No chance of someone sniffing your password if nobody can connect remotely!). Thus, xhost won't work. -Joseph -- [EMAIL PROTECTED] "As far as Microsoft, we will never take a company lightly that can put $3bn in cash in the bank every quarter." --Mark Tolliver, Sun Microsystems
Re: XFree86 4.2 bug in Debian Testing
Indeed. My mistake. I just verified that X wasn't listening in to tcp/6000, xhost +'ed, and su -'ed, setup the display variable, and it worked. NM. I'm wrong. Seems something on this guy's end is borken. -Joseph -- [EMAIL PROTECTED] "As far as Microsoft, we will never take a company lightly that can put $3bn in cash in the bank every quarter." --Mark Tolliver, Sun Microsystems -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
On Fri, 2002-11-08 at 11:42, Joseph Pingenot wrote: > xhost is for working with connections coming over tcp. :0.0 uses > a named socket (/tmp/Xsomething), and Debian's X servers don't listen > in on a tcp socket by default (security. No chance of someone sniffing > your password if nobody can connect remotely!). Thus, xhost won't work. > Try.. xhost + 'local:*' -- David Stanaway -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
> xhost is for working with connections coming over tcp. :0.0 uses > a named socket (/tmp/Xsomething), and Debian's X servers don't listen > in on a tcp socket by default (security. No chance of someone sniffing > your password if nobody can connect remotely!). Thus, xhost won't work. > I am using woody + testing + some unstable: in xterm/gnome-terminal usually I do (as normal user) xhost + su - as root export DISPLAY=:0.0 and all X programs works signature.asc Description: This is a digitally signed message part
Re: XFree86 4.2 bug in Debian Testing
On Fri, 8 Nov 2002, Joseph Pingenot wrote: > >From Norbert Preining on Friday, 08 November, 2002: > >I think that vim-gtk tries to open a window, recognizes that this > >doesn't work (authorization) and starts normal text mode vi. > > Probably the easiest way to do this is, instead of using su/sudo, run > ssh -X localhost. It'll tunnel your X apps back over the tunnel. Not > as efficient, but it'll solve permissions problems. Or, you > can have root snag your user .Xauthority file to steal the user cookies. > Then you can just set display:0.0. > Another possibility is: su -c vim-gtk you can also use xhost +username for allowing users to connect to our Xserver. But this does not work for me on Debian. Ivan
Re: XFree86 4.2 bug in Debian Testing
>From Ivan Brezina on Friday, 08 November, 2002: >Another possibility is: >su -c vim-gtk >you can also use xhost +username for allowing users to connect to our >Xserver. But this does not work for me on Debian. xhost is for working with connections coming over tcp. :0.0 uses a named socket (/tmp/Xsomething), and Debian's X servers don't listen in on a tcp socket by default (security. No chance of someone sniffing your password if nobody can connect remotely!). Thus, xhost won't work. -Joseph -- [EMAIL PROTECTED] "As far as Microsoft, we will never take a company lightly that can put $3bn in cash in the bank every quarter." --Mark Tolliver, Sun Microsystems -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
>From Norbert Preining on Friday, 08 November, 2002: >I think that vim-gtk tries to open a window, recognizes that this >doesn't work (authorization) and starts normal text mode vi. Probably the easiest way to do this is, instead of using su/sudo, run ssh -X localhost. It'll tunnel your X apps back over the tunnel. Not as efficient, but it'll solve permissions problems. Or, you can have root snag your user .Xauthority file to steal the user cookies. Then you can just set display:0.0. -Joseph -- [EMAIL PROTECTED] "As far as Microsoft, we will never take a company lightly that can put $3bn in cash in the bank every quarter." --Mark Tolliver, Sun Microsystems
Re: XFree86 4.2 bug in Debian Testing
This one time, at band camp, Steve Johnson said: > No, but I have noticed when i open an xterm, su to root and run > vi(vim-gtk), whenever I quit vi, i get this. > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > myhost:# > > Probably not related, but it seems weird to me, cause it only does this > in vi, and vi shouldn't be connecting to the xterminal, or it it? Well, vim-gtk does. It's an X app (hence the -gtk). X in debian by default won't allow this. You can either use sudo, or set up X to allow it. Steve -- Everything should be made as simple as possible, but not simpler. -- Albert Einstein pgpvJZm20pu2B.pgp Description: PGP signature
Re: XFree86 4.2 bug in Debian Testing
On Fre, 08 Nov 2002, Steve Johnson wrote: > No, but I have noticed when i open an xterm, su to root and run > vi(vim-gtk), whenever I quit vi, i get this. > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > myhost:# > > Probably not related, but it seems weird to me, cause it only does this > in vi, and vi shouldn't be connecting to the xterminal, or it it? I think that vim-gtk tries to open a window, recognizes that this doesn't work (authorization) and starts normal text mode vi. Best wishes Norbert --- Norbert Preining Technische Universität Wien gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 --- HOGGESTON (n.) The action of overshaking a pair of dice in a cup in the mistaken belief that this will affect the eventual outcome in your favour and not irritate everyone else. --- Douglas Adams, The Meaning of Liff
Re: XFree86 4.2 bug in Debian Testing
No, but I have noticed when i open an xterm, su to root and run vi(vim-gtk), whenever I quit vi, i get this. Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server myhost:# Probably not related, but it seems weird to me, cause it only does this in vi, and vi shouldn't be connecting to the xterminal, or it it? On Thu, 2002-11-07 at 19:25, Time wrote: > I'm not sure if this is just me, but when I shutdown X properly and then > `su -` in that terminal I get flooded with Password: prompts. Has anyone > else seen this? > > -- > Regards, > > Time > > > >13 > >\ > 9 . 3 clockbot.net >/ > > 6 >
Re: XFree86 4.2 bug in Debian Testing
On Fri, 8 Nov 2002, Joseph Pingenot wrote: > >From Norbert Preining on Friday, 08 November, 2002: > >I think that vim-gtk tries to open a window, recognizes that this > >doesn't work (authorization) and starts normal text mode vi. > > Probably the easiest way to do this is, instead of using su/sudo, run > ssh -X localhost. It'll tunnel your X apps back over the tunnel. Not > as efficient, but it'll solve permissions problems. Or, you > can have root snag your user .Xauthority file to steal the user cookies. > Then you can just set display:0.0. > Another possibility is: su -c vim-gtk you can also use xhost +username for allowing users to connect to our Xserver. But this does not work for me on Debian. Ivan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
>From Norbert Preining on Friday, 08 November, 2002: >I think that vim-gtk tries to open a window, recognizes that this >doesn't work (authorization) and starts normal text mode vi. Probably the easiest way to do this is, instead of using su/sudo, run ssh -X localhost. It'll tunnel your X apps back over the tunnel. Not as efficient, but it'll solve permissions problems. Or, you can have root snag your user .Xauthority file to steal the user cookies. Then you can just set display:0.0. -Joseph -- [EMAIL PROTECTED] "As far as Microsoft, we will never take a company lightly that can put $3bn in cash in the bank every quarter." --Mark Tolliver, Sun Microsystems -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
This one time, at band camp, Steve Johnson said: > No, but I have noticed when i open an xterm, su to root and run > vi(vim-gtk), whenever I quit vi, i get this. > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > myhost:# > > Probably not related, but it seems weird to me, cause it only does this > in vi, and vi shouldn't be connecting to the xterminal, or it it? Well, vim-gtk does. It's an X app (hence the -gtk). X in debian by default won't allow this. You can either use sudo, or set up X to allow it. Steve -- Everything should be made as simple as possible, but not simpler. -- Albert Einstein msg07636/pgp0.pgp Description: PGP signature
Re: XFree86 4.2 bug in Debian Testing
On Fre, 08 Nov 2002, Steve Johnson wrote: > No, but I have noticed when i open an xterm, su to root and run > vi(vim-gtk), whenever I quit vi, i get this. > > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > myhost:# > > Probably not related, but it seems weird to me, cause it only does this > in vi, and vi shouldn't be connecting to the xterminal, or it it? I think that vim-gtk tries to open a window, recognizes that this doesn't work (authorization) and starts normal text mode vi. Best wishes Norbert --- Norbert Preining Technische Universität Wien gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094 --- HOGGESTON (n.) The action of overshaking a pair of dice in a cup in the mistaken belief that this will affect the eventual outcome in your favour and not irritate everyone else. --- Douglas Adams, The Meaning of Liff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: XFree86 4.2 bug in Debian Testing
No, but I have noticed when i open an xterm, su to root and run vi(vim-gtk), whenever I quit vi, i get this. Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server myhost:# Probably not related, but it seems weird to me, cause it only does this in vi, and vi shouldn't be connecting to the xterminal, or it it? On Thu, 2002-11-07 at 19:25, Time wrote: > I'm not sure if this is just me, but when I shutdown X properly and then > `su -` in that terminal I get flooded with Password: prompts. Has anyone > else seen this? > > -- > Regards, > > Time > > > >13 > >\ > 9 . 3 clockbot.net >/ > > 6 > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]