Re: X authentication and su (Re: changing framebuffer device owner during login)



On Sun, Jun 17, 2001 at 02:27:41PM -0400, Matt Zimmerman wrote:
> Instead, add a line like this:
> 
> export XAUTHORITY=~/.Xauthority
> 
> To your shell initialization file.  As long as you su without the '-' argument,
> this variable will be preserved, and X clients will be able to authenticate to
> your display.

AFAIK, using su without the '-' is bad style.  Your $TMPDIR will be laced
with root-owned files.  The lights dim when you run vipw, because $EDITOR
is set to /usr/bin/X11/gnome-xemacs-with-kitchen-and-restaurant-mule-i18n.

Worst of all, you will no longer be able to run traceroute, even as
root (even with the suid bit on!), because /usr/sbin isn't in luser's
default $PATH... Mwwuuuhahaha!

Also, reusing the XAUTHORITY environment variable doesn't work generally
for all users that one would like to su to.  It works for root because
root can read anyone's files, even when said files are mode 600 (as
.Xauthority is supposed to be).

You might as well:

luser> $ su -
password:
root> # export DISPLAY=:0
root> # export XAUTHORITY=~luser/.Xauthority
root> # /sbin/netscape &  # just kidding, tee hee hee

It Works For Me.

The portable solution that works for su'ing to other users as well is to
use the proper interface, xauth, directly.

luser> xauth list
[lines with stuff, copy the "unix" one for your local display]
luser> su - paranoid
password:
paranoid> export DISPLAY=:0
paranoid> xauth add [now paste that line you just copied here]
paranoid> /usr/bin/X11/untrusted-binary &

Cheers,


Joost
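
The copy step in the xauth procedure above, as an added example that is not part of the original message: a small filter that picks the "unix" entry for one local display out of `xauth list` output. The function names are this example's own, and the hostname and cookie values in the sample are constructed.

```shell
#!/bin/sh
# Added example: choose the "unix" entry for one local display from the
# output of `xauth list`, so the right line is the one handed to `xauth add`.

# Constructed sample of `xauth list` output (hostname and cookies are made up).
sample_xauth_list() {
cat <<'EOF'
myhost/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
myhost:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
myhost/unix:10  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100
EOF
}

# display_number ":0.0" prints "0"; fails unless the value is a local ":N[.S]".
display_number() {
    case "$1" in
        :*) ;;
        *) return 1 ;;
    esac
    n=${1#:}
    n=${n%%.*}
    case "$n" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$n"
}

# unix_entry DISPLAY: reads `xauth list` output on stdin and prints the
# "name protocol hexkey" triple for that display's unix entry, or fails.
unix_entry() {
    num=$(display_number "$1") || return 1
    awk -v want="/unix:$num" '
        # Compare the end of field 1 exactly, so ":1" never matches ":10",
        # and accept only a well-formed hex key.
        NF == 3 &&
        substr($1, length($1) - length(want) + 1) == want &&
        $3 ~ /^[0-9a-f]+$/ && length($3) % 2 == 0 {
            print $1, $2, $3
            found = 1
            exit
        }
        END { exit !found }'
}

# Demo on the constructed sample; on a real system: xauth list | unix_entry "$DISPLAY"
sample_xauth_list | unix_entry :0
```

In the target account, the printed triple is what follows `xauth add`. On most systems the arguments of a running command are visible to other local users in the process list, so the cookie is briefly exposed while `xauth add` runs.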


