Re: su problems with xdm
On Sun, 6 Jun 1999, Alisdair McDiarmid wrote: [root%letdown /home/alisdair] # xmcd Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server Error: Can't open display: :0.0 Yeah, xdm is more paranoid than startx. You can disable access controls by running, as alisdair, xhost +. Check the man page for more info.
Re: su problems with xdm
On Sat, Jun 05, 1999 at 07:58:36PM -0400, Jason Willoughby wrote: Yeah, xdm is more paranoid than startx. You can disable access controls by running, as alisdair, xhost +. Check the man page for more info. great, thanks! -- alisdair mcdiarmid [i won't tear again i won't breathe in the shards of what is left]
Re: su problems with xdm
On Sun, Jun 06, 1999 at 12:29:58AM +, Alisdair McDiarmid wrote: I've got problems running X apps as root with xdm. See /usr/doc/xfree86-common/FAQ. -- G. Branden Robinson | Measure with micrometer, Debian GNU/Linux | mark with chalk, [EMAIL PROTECTED] | cut with axe, cartoon.ecn.purdue.edu/~branden/ | hope like hell. pgpsmCx1kpsuA.pgp Description: PGP signature
Re: su problems with xdm
Jason Willoughby hat gesagt: // Jason Willoughby wrote: On Sun, 6 Jun 1999, Alisdair McDiarmid wrote: [root%letdown /home/alisdair] # xmcd Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server Error: Can't open display: :0.0 Yeah, xdm is more paranoid than startx. You can disable access controls by running, as alisdair, xhost +. Check the man page for more info. I would not recommend this if your connected to a network like the internet. Better read man xauth. I suggest you write a little shellscript for root, that automates xauth-authorization like this: #!/bin/sh # xauth4root - sets Xauthority the way I want it export DISPLAY=:0.0 xauth -f /home/YOUR_USERNAME_HERE/.Xauthority extract - $DISPLAY | xauth merge - $* Then you can start e.g gvim with: % xauth4root gvim -- ____ Frank Barknecht __ __ trip\ \ / /wire __ / __// __ /__/ __// // __ \ \/ / __ \\ ___\ / / / / / / / // // /\ \\ ___\\ \ /_/ /_/ /_/ /_//_// / \ \\_\\_\ /_/\_\
Re: SU Problems
All of the suggestions were more or less appropriate, but I think a more secure way to grant another user the right to run programs on your display is to use xauth. See the xauth manpage for more details, but I use xauth extract - $DISPLAY | rsh otherhost xauth merge - to allow *only* myself on otherhost to connect to the current display. If I had used something like xhost +otherhost then anyone on otherhost could snoop my display, or whatever... -- Rob -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
Paul == Paul McDermott [EMAIL PROTECTED] writes: Paul Hi folks, I just installed X version 3.2 on my system this Paul past few weeks. I am having problems do things as su. ie for Paul the first error message is one that I receive whenever I try Paul to run an X program as su. This error message is when I was Paul trying to use xclock. I have check xclocks permissions, Paul ownership both seem to be in order. Ownership is root.root and Paul the Permissions are 755. This error happens when I try to run Paul all x programs. Paul Xlib: connection to :0.0 refused by server Xlib: Client is Paul not authorized to connect to Server open display failed Paul InitXWindows failed, exiting Paul This error is when I try to run emacs as su. Paul Xlib: connection to :0.0 refused by server Xlib: Client is Paul not authorized to connect to Server emacs: Cannot connect to X Paul server :0.0. Check the DISPLAY environment variable or use Paul `-d'. Also use the `xhost' program to verify that it is set Paul to permit connections from your machine. A little while ago this started happening to me and others under Debian's X setup. I've added localhost to my 'xhost +' list in my .xinitrc, and now programs run under other uid's in my X display work fine. It seems to me as if localhost used to be allowed by default, and is no longer, but maybe something about userids allowed to use the display changed instead. I don't know if the change would be XFree86's or Debian's; I can't find a changelog for xbase. You could just add xhost +localhost to your .xinitrc file, if you don't have any xhost commands there already. Jens has suggested export XAUTHORITY=~paul/.Xauthority; I don't immediately know which method would be preferable. The xhost method would solve this problem for any userid, and wouldn't require changes to any other config files to automate it. On the other hand, there could be valid security reasons not to do so--most of the machines I've run X on have been single-user workstations, so I haven't had to worry about inter-user issues like that. Hope this helps, -- Ed Donovan [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
On Jun 2, Ed Donovan wrote You could just add xhost +localhost to your .xinitrc file, if you don't have any xhost commands there already. Jens has suggested export XAUTHORITY=~paul/.Xauthority; I don't immediately know which method would be preferable. The xhost method would solve this problem for any userid, and wouldn't require changes to any other config files to automate it. [snip] ... but allows any local user to connect to your X server, spy on your keystrokes and generally wreak havoc on your machine if they feel like it. So it's a very bad idea Setting XAUTHORITY (or copying the .Xauthority file) is better. Assuming nobody can snoop on the file while it is being copied, your machine is just as secure as it was before... only users who have the proper .Xauthority file can connect to the X server. (I've made myself a tiny alias called 'sysadmin' which copies the .Xauthority file to root's account and then spawns an xterm with su - root. Works like a charm.) Christian pgpukDcd4OmI6.pgp Description: PGP signature
Re: SU Problems
I just do: 8-8 ~ # pwd /root ~ # ln -s /home/karlheg/.Xauthority . 8-8 I've also got ~karlheg/.emacs and several other files like it symlinked in the same way for 'root'. I always use the computer logged in as myself, from XDM, and have entries in /etc/super.tab (man super) like this: 8-8 xemacs /usr/local/bin/xemacs karlheg @localhost \ setenv=DISPLAY=unix:0 \ setenv=PATH=/usr/local/bin:/usr/bin:/bin:/usr/lib/texmf/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/bin/X11:/usr/games \ password=n \ uid=root gid=root\ info=XEmacs editor as 'root' tkps/usr/bin/X11/tkps karlheg @localhost \ setenv=DISPLAY=unix:0 \ setenv=PATH=/usr/bin:/bin \ password=n \ uid=root gid=root \ info=TkPs process table tool; X-Windows Tk interface gitps /usr/bin/gitps karlheg @localhost \ setenv=PATH=/usr/bin:/bin \ password=n \ uid=root gid=root \ info=gitps process table tool; Console ncurses interface xterm /usr/X11R6/bin/xterm karlheg @localhost \ setenv=DISPLAY=unix:0 \ setenv=PATH=/usr/local/bin:/usr/bin:/bin:/usr/lib/texmf/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/games:/usr/bin/X11 \ password=n \ uid=root gid=root \ info=XTerm 8-8 ... And I have menu entries on my Fvwm2 menu that `exec super xterm` and `exec super xemacs`, so that I can fire off an xterm or xemacs and be 'root' anytime I need to. In my /usr/local/lib/xemacs-20.2/lisp/site-start.el file, I have this: 8-8 ;; FSF Emacs has this function already; no defalias needed. (defalias 'shell-command-to-string 'exec-to-string) (let ((string (shell-command-to-string whoami))) (setq logname (substring string 0 (1- (length string) 8-8 ... and then, from the XEmacs customize menu (Options|Customize|Variable...), I made the titlebar string be: '(frame-title-format (quote ( logname (:%b))) t) Since ~/.emacs, as root, is a symlink to ~karlheg/.emacs, I get the same setting as either user... but a `super xemacs` will say 'root:filename' in the titlebar, and a normal one will say 'karlheg:filename'. I have my ~karlheg directory SGID, so that if 'root' makes any changes to the .emacs, 'karlheg' will still be able to write to the file. In /etc/profile, I have this: 8-8 # Display the status of the last command if non-zero status_after_prompt() { prompt_status=$? if [ $prompt_status != 0 ] then echo [status $prompt_status] fi } export -f status_after_prompt export PROMPT_COMMAND=status_after_prompt # Set the titlebar of XTerms to reflect our current working directory. if [ $TERM == emacs ] then export PS1='\w\n\$ ' elif [ $TERM = xterm -o $TERM = xterm-color ] then # There are real control chars here. set_titlebar () { echo -n ]2;$*; } export -f set_titlebar my_dirname () { if [ ${PWD#$HOME} != $PWD ] then echo '~'${PWD#$HOME} else echo $PWD fi } export -f my_dirname export PS1='\n\!\$ ' PROMPT_COMMAND=$PROMPT_COMMAND';eval set_titlebar [EMAIL PROTECTED]:$(my_dirname)' export PROMPT_COMMAND else export PS1='[EMAIL PROTECTED]:\w\n\!\$ ' fi # this is a beat-the-television style kludge to get color working right. if [ $TERM = xterm ] then export TERM=xterm-color tset 2 /dev/null fi 8-8 ... and now xterms have the titlebar set in the similar fashion; and I can tell by looking whether it's a `super xterm` or a normal one. Get all that? :-) -- Karl M. Hegbloom [EMAIL PROTECTED] http://www.inetarena.com/~karlheg Portland, OR USA Debian GNU 1.2 Linux 2.1.36 AMD K5 PR-133 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
I just tried a couple of thing that seem to work. 1. Put the export XAUTHORITY=~paul/.Xauthority in your .bashrc file. When you su to another user the XAUTHORITY environment variable still exists! Works fine. 2. Did you ever notice what happens when you su to another user with the USER enviroment variable? It does not change unless you su a second time! Therefore you could put in the root's .bashrc -- export XAUTHORITY=$USER/.Xauthority Both of these worked for me. It would also appear to me to be more secure than the xhost methold mentioned by others. Also I have run across programs that do not like the xhost +localhost methold. On Mon, 2 Jun 1997, Paul McDermott wrote: thanks jens, is there a way so i don't have to type the command all the time? thanks again. Paul On Mon, 2 Jun 1997, Jens B. Jorgensen wrote: Paul McDermott wrote: Hi folks, I just installed X version 3.2 on my system this past few weeks. I am having problems do things as su. ie for the first error message is one that I receive whenever I try to run an X program as su. This error message is when I was trying to use xclock. I have check xclocks permissions, ownership both seem to be in order. Ownership is root.root and the Permissions are 755. This error happens when I try to run all x programs. Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server open display failed InitXWindows failed, exiting This error is when I try to run emacs as su. Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server emacs: Cannot connect to X server :0.0. Check the DISPLAY environment variable or use `-d'. Also use the `xhost' program to verify that it is set to permit connections from your machine. I cam run things as user paul and if I login as root. If you have any suggestions or need any more information please email me. Paul If you log in as paul and then su to root, then after you su type export XAUTHORITY=~paul/.Xauthority -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] . http://www.sound.net/~wpmills/ - : W. Paul Mills : Bill, I was there several years ago. : : Topeka, Kansas, U.S.A. : Why would I want to go back tomorrow?: : [EMAIL PROTECTED] : Where were you! : : [EMAIL PROTECTED] : : : [EMAIL PROTECTED] : Linux: Tomorrow's operating system, : : [EMAIL PROTECTED] :here, today. : : [EMAIL PROTECTED] : : : compuserve 70023,1750 : #define MY_TRUE_LOVE computer: -- http://homepage.midusa.net/~wpmills/ - -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
Use su - % [EMAIL PROTECTED] Roberto Magana. Escuela de Fisica UCR. (The Physics Dept. University of Costa Rica.) % -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
Hi Roberto, I did use su. I can't run any x programs as su, only as user paul. Any other ideas. On Mon, 2 Jun 1997, Roberto Magana wrote: Use su - % [EMAIL PROTECTED] Roberto Magana. Escuela de Fisica UCR. (The Physics Dept. University of Costa Rica.) % -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
Paul McDermott wrote: Hi folks, I just installed X version 3.2 on my system this past few weeks. I am having problems do things as su. ie for the first error message is one that I receive whenever I try to run an X program as su. This error message is when I was trying to use xclock. I have check xclocks permissions, ownership both seem to be in order. Ownership is root.root and the Permissions are 755. This error happens when I try to run all x programs. Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server open display failed InitXWindows failed, exiting This error is when I try to run emacs as su. Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server emacs: Cannot connect to X server :0.0. Check the DISPLAY environment variable or use `-d'. Also use the `xhost' program to verify that it is set to permit connections from your machine. I cam run things as user paul and if I login as root. If you have any suggestions or need any more information please email me. Paul If you log in as paul and then su to root, then after you su type export XAUTHORITY=~paul/.Xauthority -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
Before you SU to root type 'xhost +' this will disable X windows access control. Remember X windows is a network program and has to authorize every user before it will let you run an application. By the way xhost + is also not the most secure way of handling this problem. Do a 'man xhost' and check out the specific params. --Matt PS. Time to get back into the swing of Linux use and not development again. After porting linux to run on an VIC20 for a university project I am sick of assembly (had to port GCC over as well :) PPS. anyone want a VIC20 port of linux before I delete the 500megs of files from my hard drive? On Mon, 2 Jun 1997, Paul McDermott wrote: Hi Roberto, I did use su. I can't run any x programs as su, only as user paul. Any other ideas. On Mon, 2 Jun 1997, Roberto Magana wrote: Use su - % [EMAIL PROTECTED] Roberto Magana. Escuela de Fisica UCR. (The Physics Dept. University of Costa Rica.) % -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SU Problems
thanks jens, is there a way so i don't have to type the command all the time? thanks again. Paul On Mon, 2 Jun 1997, Jens B. Jorgensen wrote: Paul McDermott wrote: Hi folks, I just installed X version 3.2 on my system this past few weeks. I am having problems do things as su. ie for the first error message is one that I receive whenever I try to run an X program as su. This error message is when I was trying to use xclock. I have check xclocks permissions, ownership both seem to be in order. Ownership is root.root and the Permissions are 755. This error happens when I try to run all x programs. Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server open display failed InitXWindows failed, exiting This error is when I try to run emacs as su. Xlib: connection to :0.0 refused by server Xlib: Client is not authorized to connect to Server emacs: Cannot connect to X server :0.0. Check the DISPLAY environment variable or use `-d'. Also use the `xhost' program to verify that it is set to permit connections from your machine. I cam run things as user paul and if I login as root. If you have any suggestions or need any more information please email me. Paul If you log in as paul and then su to root, then after you su type export XAUTHORITY=~paul/.Xauthority -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .