Re: Re: Xauth, how to get rid of it?
Norma V. Finney -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Xauth, how to get rid of it?
There is a nice little command called xhost which allows you to specifiy from which machines users are allowed to run X applications. So this alters the Magic Cookie stuff. If you type: xhost +mymachine where mymachine is the hostname of the computer you are currently typing at, then no matter what user you su to, then you are able to run X applications. I do this when I want to install applications when they have X installs. First I login as username then run startx and work as normal. If I want to run an X applicaton as another user, say root to install a non-debianised X app, then I would type the above command first then su to root. I can now run all the X apps I so desire. I also use this mechanism to read my email stored on another machine, using netscape as my mail reader. I type: xhost +othermachinename rlogin othermachinename export DISPLAY=mymachine:0.0 netscape -mail In order, this allows me to run and X application from another machine using xhost. Then I login to the other machine. Then tell the othermachine to put the X applications display on mymachine so I can control it. Then I run my X application. A word of warning though, if you do xhost + then you are allowing anyone to run an X app on your machine, which may be not what you desire. Hope this all helps. Pollywog wrote: On 07-Apr-99 Richard Harran wrote: Do you mean that you are trying to start a second X session while the first is still running, or are you having difficulty starting for a second time having exited the first session? If it is the first (and you get an error like: server is already active for display :0, or something) you can fix it with startx -- :1 to start the second X server on display 1. This will probably associate it with ctrlaltF8. If it is the second, I think you have a problem (X not exiting properly?) 'cos I don't think that should happen. I get those annoying MAGIC COOKIE warnings when I su from a regular user and this even happens when I use vim after 'su'. I am still able to edit stuff, and the only problem is when I need to run some X program as superuser. I saw somewhere how to deal with this Xauth stuff, but I don't remember where. -- Andrew [PGP5.0 Key ID 0x5EE61C37] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/nullbegin:vcard n:Stevenson;John tel;fax:+31 20 34 22 820 tel;work:+31 20 34 22 820 x-mozilla-html:TRUE url:www.oa.nl org:OA Europe version:2.1 email;internet:[EMAIL PROTECTED] title:Technical Consultant adr;quoted-printable:;;Objective Alliance=0D=0AHoghilweg 14L;Amsterdam;Zoud Oust;1101 CD;Nederlands x-mozilla-cpt:;-11328 fn:John Stevenson end:vcard
Re: Xauth, how to get rid of it?
Ben Messinger hat gesagt: // Ben Messinger wrote: Pollywog wrote: I get those annoying MAGIC COOKIE warnings when I su from a regular user and this even happens when I use vim after 'su'. I am still able to edit stuff, and the only problem is when I need to run some X program as superuser. I saw somewhere how to deal with this Xauth stuff, but I don't remember where. I am also having the same trouble. I didn't see a reply to Andrew's question, so I wanted to add that I am also interested in solving this one. I never encountered this problem when I was using other (lesser) distributions. Please help if you know the answer. There are some tools like gnome-apt that I would like to use without having to end my x-session and start a new one as root. Some of this is described in this HOWTO: /usr/doc/HOWTO/mini/Remote-X-Apps.gz When you log into X, be it with xdm or startx, and then su to root, root is considered kind of remotely logged in and she is *NOT* allowd to mess your screen with windows. That's a feature. The most simlpe solution is to use ssh instead of su. Usage of xauth is described in the HOWTO. You also can search the mailing list archives at www.debian.org, as this question came up often in the past. Bye, -- ____ Frank Barknecht __ __ trip\ \ / /wire __ / __// __ /__/ __// // __ \ \/ / __ \\ ___\ / / / / / / / // // /\ \\ ___\\ \ /_/ /_/ /_/ /_//_// / \ \\_\\_\ /_/\_\
Re: Xauth, how to get rid of it?
On Thu, Apr 08, 1999 at 01:25:53PM -0700, Ben Messinger wrote: Pollywog wrote: I get those annoying MAGIC COOKIE warnings when I su from a regular user and this even happens when I use vim after 'su'. I am still able to edit stuff, and the only problem is when I need to run some X program as superuser. I saw somewhere how to deal with this Xauth stuff, but I don't remember where. I am also having the same trouble. I didn't see a reply to Andrew's question, so I wanted to add that I am also interested in solving this one. I never encountered this problem when I was using other (lesser) distributions. Please help if you know the answer. There are some tools like gnome-apt that I would like to use without having to end my x-session and start a new one as root. There is more than one way to do it. The following is one possibility, and is what I use: export XAUTHORITY=/home/branden/.Xauthority I do that from the root shell. This works for root only. If you su to an unprivileged user, they ABSOLUTELY SHOULD NOT be able to read another user's .Xauthority file -- the permissions on it should be 600. After you do the above you can run X clients as root to your heart's content. -- G. Branden Robinson |Psychology is really biology. Debian GNU/Linux |Biology is really chemistry. [EMAIL PROTECTED] |Chemistry is really physics. cartoon.ecn.purdue.edu/~branden/ |Physics is really math. pgpUcZHbucmHt.pgp Description: PGP signature
Re: Xauth, how to get rid of it?
On 09-Apr-99 Branden Robinson wrote: The following is one possibility, and is what I use: export XAUTHORITY=/home/branden/.Xauthority This is what I have done after someone suggested it to me. I first su'd to root in an xterm after starting KDE as pollywog Then I entered export XAUTHORITY=/home/pollywog/.Xauthority I also placed this export command in /root/.bashrc I do that from the root shell. This works for root only. If you su to an unprivileged user, they ABSOLUTELY SHOULD NOT be able to read another user's .Xauthority file -- the permissions on it should be 600. Good thing you reminded me of that, so I can check it. thanks -- Andrew [PGP5.0 Key ID 0x5EE61C37]
Re: Xauth, how to get rid of it?
Pollywog wrote: I get those annoying MAGIC COOKIE warnings when I su from a regular user and this even happens when I use vim after 'su'. I am still able to edit stuff, and the only problem is when I need to run some X program as superuser. I saw somewhere how to deal with this Xauth stuff, but I don't remember where. -- Andrew [PGP5.0 Key ID 0x5EE61C37] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null I am also having the same trouble. I didn't see a reply to Andrew's question, so I wanted to add that I am also interested in solving this one. I never encountered this problem when I was using other (lesser) distributions. Please help if you know the answer. There are some tools like gnome-apt that I would like to use without having to end my x-session and start a new one as root. -- Ben Messinger [EMAIL PROTECTED] Debian GNU/Linux user.
[Fwd: Re: Xauth, how to get rid of it?]
Sorry, I didn't CC the group. Here is my reply to 'Pollywog': I think what you need to do is type: export XAUTHORITY=/home/user_running_X/.Xauthority after you have su'ed. You can also add this to your root/.bashrc, if the only time you use X as superuser is from inside an X-session run by that user. HTH Rich Pollywog wrote: I get those annoying MAGIC COOKIE warnings when I su from a regular user and this even happens when I use vim after 'su'. I am still able to edit stuff, and the only problem is when I need to run some X program as superuser. I saw somewhere how to deal with this Xauth stuff, but I don't remember where. -- Andrew [PGP5.0 Key ID 0x5EE61C37] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Xauth, how to get rid of it?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 6 Apr 1999 23:34:41 -0700 (PDT), George Bonser wrote: Steve, you do not want to get rid of xauth ... exactly what problem are you having? Why not? There are other methods of protecting the X port than Xauth. Since all machines that I want to do X work are on the local network and on private IP space, I can safely limit it to that block of IPs and be done with it. My problem, exactly, is that Xauth is preventing me form forwarding the display from one Linux box to another Linux box, both running Debian. Meanwhile, my Winbox with Exceed, which does not use Xauth, allows the forwarded displays just fine. - -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your ICQ: 5107343 | main connection to the switchboard of souls. - ---+- -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc iQA/AwUBNwr+YHpf7K2LbpnFEQI5YACfR2xcJnlnbcIO/L2cSZXPGWmysnYAnRDE G45MphfExDWaEvJlN9ale9bL =dAJq -END PGP SIGNATURE-
Re: Xauth, how to get rid of it?
I may be missing something here. But is xhost + what you want?? Steve Lamb wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 6 Apr 1999 23:34:41 -0700 (PDT), George Bonser wrote: Steve, you do not want to get rid of xauth ... exactly what problem are you having? Why not? There are other methods of protecting the X port than Xauth. Since all machines that I want to do X work are on the local network and on private IP space, I can safely limit it to that block of IPs and be done with it. My problem, exactly, is that Xauth is preventing me form forwarding the display from one Linux box to another Linux box, both running Debian. Meanwhile, my Winbox with Exceed, which does not use Xauth, allows the forwarded displays just fine. - -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your ICQ: 5107343 | main connection to the switchboard of souls. - ---+- -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc iQA/AwUBNwr+YHpf7K2LbpnFEQI5YACfR2xcJnlnbcIO/L2cSZXPGWmysnYAnRDE G45MphfExDWaEvJlN9ale9bL =dAJq -END PGP SIGNATURE- -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Shao Zhang - Running Debian 2.1 ___ _ _ Department of Communications/ __| |_ __ _ ___ |_ / |_ __ _ _ _ __ _ University of New South Wales \__ \ ' \/ _` / _ \ / /| ' \/ _` | ' \/ _` | Sydney, Australia |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, | Email: [EMAIL PROTECTED] |___/ _
Re: Xauth, how to get rid of it?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 07 Apr 1999 16:49:00 +, Shao Zhang wrote: I may be missing something here. But is xhost + what you want?? Ah, my savior. xhost +[machine name] worked nicely. Thanks for the help. - -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your ICQ: 5107343 | main connection to the switchboard of souls. - ---+- -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc iQA/AwUBNwsBbHpf7K2LbpnFEQL1mgCgiOiWw7a0ylromVRRZcjxf+lIMl4AoPnk gcfe/rdIpuRqWrvAfg5CJieH =diTJ -END PGP SIGNATURE-
Re: Xauth, how to get rid of it?
On 07-Apr-99 Shao Zhang wrote: I may be missing something here. But is xhost + what you want?? I believe that is one way to do it, but not the best way. -- Andrew [PGP5.0 Key ID 0x5EE61C37]
Re: Xauth, how to get rid of it?
That is right. According to the HOWTO I read a while ago, hackers can overflow the buffers to lock the keyboard and mouse. The standard way is to use the Xauthority to generate a cookie to the client. But if on a private network, xhost + will just do. :) Shao. Pollywog wrote: On 07-Apr-99 Shao Zhang wrote: I may be missing something here. But is xhost + what you want?? I believe that is one way to do it, but not the best way. -- Andrew [PGP5.0 Key ID 0x5EE61C37] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Shao Zhang - Running Debian 2.1 ___ _ _ Department of Communications/ __| |_ __ _ ___ |_ / |_ __ _ _ _ __ _ University of New South Wales \__ \ ' \/ _` / _ \ / /| ' \/ _` | ' \/ _` | Sydney, Australia |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, | Email: [EMAIL PROTECTED] |___/ _
Re: Xauth, how to get rid of it?
On Wed, Apr 07, 1999 at 12:11:54AM -0700, George Bonser wrote: But now any user at [machine name] may monitor everything you do. Considering it is my laptop and I am the only user, I'm not all that worried. And if I were on my laptop going to my main machine (sometimes happens) then it is me, a pop account for my parents, and about 3-4 daemon accounts. Again, I'm not worried. If anyone gets in, them spying on my X sessions is the least of my concerns. -- Steve C. Lamb | Opinions expressed by me are not my http://www.calweb.com/~morpheus| employer's. They hired me for my ICQ: 5107343 | skills and labor, not my opinions! ---+- pgpESeAeWop9x.pgp Description: PGP signature
Re: Xauth, how to get rid of it?
On Tue, 6 Apr 1999, George Bonser wrote in response to Steve Lamb, on 6 Apr 1999: Subject: Re: Xauth, how to get rid of it? Steve, you do not want to get rid of xauth ... exactly what problem are you having? I have a slightly different problem: The presence of Xauth prevents me from starting X (via startx) the SECOND time. I just rm it after each X session. There Has To Be A Better Solution applies here as well as to a ubiquitous PC operating system we love to hate. How do I fix this? David Teague [EMAIL PROTECTED] Debian GNU/Linux Because software stability should be expected. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Subject says all. Trying to get apps to display on remote machines. I can do it fine to my Winbox, but that is because it isn't using Xauth. - -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your ICQ: 5107343 | main connection to the switchboard of souls. - ---+- -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc iQA/AwUBNwr57Xpf7K2LbpnFEQLcMgCgtRnThlRuwhmdKcU4LSA/CItp40EAoILo exIASDQGEGB0av4ZpF1Ftx28 =Vsyj -END PGP SIGNATURE- -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null George Bonser Support The THING -- http://shorelink.com/~grep/THING.html -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Xauth, how to get rid of it?
I may be missing something here. But is xhost + what you want?? Ah, my savior. xhost +[machine name] worked nicely. Thanks for the help. How about ssh? Do ssh remote_machine remote_app and ssh will set up the xauth stuff _for_ you. Will -- | [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] | | http://www.cis.udel.edu/~lowe/ | |PGP Public Key: http://www.cis.udel.edu/~lowe/index.html#pgpkey| -- | You think you're so smart, but I've seen you naked | | and I'll prob'ly see you naked again ... | | --The Barenaked Ladies, Blame It On Me | --
Re: Xauth, how to get rid of it?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 7 Apr 1999 09:29:49 -0400 (EDT), Will Lowe wrote: How about ssh? Do ssh remote_machine remote_app and ssh will set up the xauth stuff _for_ you. M, IIRC that doesn't set up the environment, however, which I need. - -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your ICQ: 5107343 | main connection to the switchboard of souls. - ---+- -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc iQA/AwUBNwtjUnpf7K2LbpnFEQIFvACfX0KyRH1c8W/Vxx0bOvsQZnHTwsMAoJvR yhxr0uhmsnGryq5MPA5PVpOD =6jcx -END PGP SIGNATURE-
Re: Xauth, how to get rid of it?
Do you mean that you are trying to start a second X session while the first is still running, or are you having difficulty starting for a second time having exited the first session? If it is the first (and you get an error like: server is already active for display :0, or something) you can fix it with startx -- :1 to start the second X server on display 1. This will probably associate it with ctrlaltF8. If it is the second, I think you have a problem (X not exiting properly?) 'cos I don't think that should happen. HTH Rich David B.Teague wrote: On Tue, 6 Apr 1999, George Bonser wrote in response to Steve Lamb, on 6 Apr 1999: Subject: Re: Xauth, how to get rid of it? Steve, you do not want to get rid of xauth ... exactly what problem are you having? I have a slightly different problem: The presence of Xauth prevents me from starting X (via startx) the SECOND time. I just rm it after each X session. There Has To Be A Better Solution applies here as well as to a ubiquitous PC operating system we love to hate. How do I fix this? David Teague [EMAIL PROTECTED] Debian GNU/Linux Because software stability should be expected. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Subject says all. Trying to get apps to display on remote machines. I can do it fine to my Winbox, but that is because it isn't using Xauth. - -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your ICQ: 5107343 | main connection to the switchboard of souls. - ---+- -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc iQA/AwUBNwr57Xpf7K2LbpnFEQLcMgCgtRnThlRuwhmdKcU4LSA/CItp40EAoILo exIASDQGEGB0av4ZpF1Ftx28 =Vsyj -END PGP SIGNATURE- -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null George Bonser Support The THING -- http://shorelink.com/~grep/THING.html -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: Xauth, how to get rid of it?
On 07-Apr-99 Richard Harran wrote: Do you mean that you are trying to start a second X session while the first is still running, or are you having difficulty starting for a second time having exited the first session? If it is the first (and you get an error like: server is already active for display :0, or something) you can fix it with startx -- :1 to start the second X server on display 1. This will probably associate it with ctrlaltF8. If it is the second, I think you have a problem (X not exiting properly?) 'cos I don't think that should happen. I get those annoying MAGIC COOKIE warnings when I su from a regular user and this even happens when I use vim after 'su'. I am still able to edit stuff, and the only problem is when I need to run some X program as superuser. I saw somewhere how to deal with this Xauth stuff, but I don't remember where. -- Andrew [PGP5.0 Key ID 0x5EE61C37]