Re: Access Control behaves strange

To: debian-kde@lists.debian.org
Subject: Re: Access Control behaves strange
From: Achim Bohnet <ach@mpe.mpg.de>
Date: Wed, 16 May 2001 01:08:00 +0200
Message-id: <[🔎] E14znv6-0000VA-00@ds10.xray.mpe.mpg.de>
In-reply-to: <[🔎] 20010516003514.P18423@jensbenecke.de>
References: <[🔎] 15105.33111.243176.738055@palme-pc.urz.Uni-Wuppertal.DE> <[🔎] E14zljn-0000QO-00@ds10.xray.mpe.mpg.de> <[🔎] 20010516003514.P18423@jensbenecke.de>

On Wednesday 16 May 2001 00:35, Jens Benecke wrote:
> On Tue, May 15, 2001 at 10:48:11PM +0200, Achim Bohnet wrote:
> > On Tuesday 15 May 2001 22:16, Burkhard Perkens-Golomb wrote:
> > > During upgrade a warning appears that X starts now with "-nolisten tcp"
> > > :-) . See /etc/X11/kdm/Xservers, delete "-nolisten tcp".
> > No please don't delete it (without a good reason).  The problem can be
> > solved in two other ways without any security loss.  a) use ssh as
> > described earlier or b) use :0 instead of localhost:0 and su - After su -
> > you can use (put it in a script) as root:
>  
> > export DISPLAY=:0
> > xauth -f ~<my-normal-user>/.Xauthority extract - $DISPLAY | xauth merge -
> 
> There's an even simpler way (tho I wouldn't understand why you don't use
> ssh):

Security: direct root login not permited  (never tried to figure out how
to allow root login only via localhost)
Minor: Overhead, response.  Compare x app via ssh tunneling and direct :0 access.
:0 is much more responsive.

> ln -fs /home/achim/.Xauthority /root/.Xauthority
> 
> That way root will always have the "Magic cookie" from X, when achim is
> logged in via X.

Because there can't be 3 /home/{achim,harald,joachim}/.Xauthority links, sig.
But for the standard 'this is my box' case you are right.  Done on my Laptop.
Thanks for the tip.

>  
> > > Greetings to Wuppertal from Munich,
> > Second greeting to Wuppertal from Munich, and first one from Munich to
> > Munich :)
> 
> All greetings from Hamburg to Wuppertal, Munich and also Munich ;)
> 
> are we provoking a pingpong here?

:)

Achim
>  
>  
> 
> -- 
> Jens Benecke                            > "Dann nimm lieber gleich Pattex!"
>                 "Na, ob das was hilft - der Hersteller ist schließlich eine 
>              Gesellschaft mit beschränkter Haftung :-)" (-- aus dem Usenet)
> http://www.hitchhikers.de/ - Die kostenlose Mitfahrzentrale für ganz Europa
> 

----------------------------------------
Content-Type: application/pgp-signature; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: 7bit
Content-Description: 
----------------------------------------

-- 
  To me vi is Zen.  To use vi is to practice zen. Every command is
  a koan. Profound to the user, unintelligible to the uninitiated.
  You discover truth everytime you use it.
                                      -- reddy@lion.austin.ibm.com

Reply to:

Follow-Ups:
- Re: Access Control behaves strange
  - From: Jens Benecke <jens@jensbenecke.de>

References:
- Access Control behaves strange
  - From: palme@uni-wuppertal.de (Hubert Palme)
- Re: Access Control behaves strange
  - From: Achim Bohnet <ach@mpe.mpg.de>
- Re: Access Control behaves strange
  - From: Jens Benecke <jens@jensbenecke.de>

Prev by Date: Re: Still those unreadable fonts
Next by Date: Re: Still those unreadable fonts
Previous by thread: Re: Access Control behaves strange
Next by thread: Re: Access Control behaves strange
Index(es):
- Date
- Thread