Re: connection refused to video?
On Thu, 25 Jan 1996 Dirk.Eddelbuettel@qed.econ.queensu.ca wrote:
> Unix is a multi-user environment. A user "kevin" could be someone else than
> "root". When "kevin" runs X11, "kevin" owns the display. Noone, not even root is
> allowed to play with it.
>
> You can change that by allowing your own host to display on your own
> host. Ie, if your hostname is "zaphod", then add
> xhost +zaphod
> to your ~/.xsession file.
No no no! Don't do that! That allows _any_ user on your machine to
access your X server, potentially recording every keypress, the contents
of all your windows, and so on.
The proper way to do this is to extract the magic cookie for your display
from your .Xauthority file using the 'xauth' program, and insert it into
the .Xauthority file of the user who needs to access your display (root
in the case of the question that you answered).
Just copying the .Xauthority file or making a symbolic link will work in
most cases, but fails when you are using more than one X terminal. Example:
root logs in on alice:0.0
sde1000 logs in on bob:0.0
sde1000 (who knows the root password) wants to use 'su' to start an emacs
owned by root on bob:0.0.
If sde1000 just does:
$ su
Password:
# cd
# ln -s ~sde1000/.Xauthority .
...then starting the root emacs on bob:0.0 will work. However, root will
no longer be able to start any clients on alice:0.0 because the cookie
has been lost.
The correct way would be along the lines of:
$ su
Password:
# cd
# xauth -f ~sde1000/.Xauthority -q extract - bob:0.0 | xauth merge -
root would now have the cookies for alice:0.0 and bob:0.0 in his
.Xauthority file. With a small amount of attention to detail you can turn
this into a shell script.
Steve Early
sde1000@cam.ac.uk
Reply to: