
Re: Root can't run X programs

On Tue, Apr 29, 2003 at 07:10:06AM -0500, David Krider wrote:
||  Cameron Hutchison wrote:
||  >The next bit of juju is to set the environment variable XAUTHORITY to
||  >~<user>/.Xauthority, where <user> is the user that started the xserver.

This shouldn't be necessary, since X clients default to $HOME/.Xauthority
for locating xauth cookies when XAUTHORITY is undefined.

Ahh, wait, I missed the context. You're setting XAUTHORITY as root
to ~mortaluser/.Xauthority. That's a good option.

||  This is great. What about taking it to the next level? What I mean is
||  that I had been thinking about actually extracting the cookie from the
||  server's auth file and sticking it in root's .Xauthority file for good
||  (this is what Red Hat does), but I wasn't sure if the auth file changed
||  on Debian.

Xdm generates a fresh cookie for every session and transmits it to
the X server through the XDMCP protocol.

Startx generates a fresh cookie for the session being started. Or
at least, it should.

||             Unfortunately, after checking, it seems like the auth file
||  does change on every start of the X server.

You can modify the startx script to copy the cookie to ~root/.Xauthority.

Picking up the cookie that xdm uses can be done in the Xsession
script which is run at the beginning of every session. Or actually,
Xsession *is* the session under xdm, IIRC. I think the cookie is
stored somewhere in /var/run/xdm/auth/something. Check your xdm
config files for details.

However, I don't think this should be done by default, because it
would come too close to violating the privacy of the users, especially
for remote X sessions.

||                                              I see that
||  /etc/kde2/kdm/Xservers has a line to start the X server, but in a `ps
||  -ef' listing, I see an additional "-auth" option. How does this get to
||  be a part of the command?

Not sure about kdm. Can't remember if xdm does this too, but I don't
think so.

Ciao.                                                            Vincent.
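
Added example, not part of the message above or of any Debian script: a shell sketch of the two options discussed in this thread, pointing XAUTHORITY at the session owner's cookie file for a single root command, and merging that cookie into root's own file. The function names, the :0 display default and the /root/.Xauthority default are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the cookie file of the user who started the X server.
# $1 = that user's home directory. Fails if the file is missing or if
# group/other have any access to it (the cookie is a bearer secret).
xauth_file_for() {
    f="$1/.Xauthority"
    [ -f "$f" ] || { echo "no cookie file: $f" >&2; return 1; }
    perms=$(ls -ld "$f" | cut -c5-10)      # group and other permission bits
    [ "$perms" = "------" ] || { echo "$f is accessible to group/other" >&2; return 2; }
    printf '%s\n' "$f"
}

# Run one command as root against the user's display. XAUTHORITY is set
# for that command only, so nothing is copied into ~root/.Xauthority.
# $1 = home directory, remaining arguments = command to run.
# DISPLAY falls back to :0 (assumed local display).
with_user_cookie() {
    home=$1; shift
    f=$(xauth_file_for "$home") || return
    XAUTHORITY="$f" DISPLAY="${DISPLAY:-:0}" "$@"
}

# The "copy it for good" variant: merge the entry for the display into
# root's own file. The cookie is regenerated for every session, so this
# has to be re-run after each X server start.
# $1 = home directory, $2 = root's authority file (assumed default below).
copy_cookie_to_root() {
    f=$(xauth_file_for "$1") || return
    xauth -f "$f" extract - "${DISPLAY:-:0}" |
        xauth -f "${2:-/root/.Xauthority}" merge -
}
```

The per-command form leaves no copy of the cookie outside the user's home directory, which sidesteps the privacy concern raised above about copying it by default.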
