[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xauth problem



"Jens B. Jorgensen" <jjorgens@bdsinc.com> writes:

> Remco Blaakmeer wrote:
> <snip>
> > Don't do that. The minute root writes to that file (when root logs in to X
> > or uses the xauth command), it becomes owned by root and the user can't
> > log in to X anymore.
> >
> > What you could do is using ssh. This command will do the trick:
> >
> > xterm -title Root -n Root -e ssh -l root localhost
> >
> > You can add it to a Fvwm(1,2,2-95) menu or button bar.
> >
> > ssh will take care of X forwarding automatically, no matter if you
> > 'connect' to the localhost or another host. In any ssh session, you can
> > simply do something like "xterm &" and the window will appear on the local
> > screen.
>
> Sir you are missing the point. Stop confusing the guy. What you're
> saying is based upon an assumption that this trick would be used
> whenever root logged in. Now why would that be necessary? If you log
> into xdm as root you won't *need* to futz with this stuff because
> xdm will have already set it up for you. The *only* reason he'd be
> doing this is because he su'd to root while logged in as another
> user. Note that I told him to do this *after* he su'd to root. In
> this case, .Xauthority will not be written to, only read.

Assuming, of course, that root never uses the xauth command.  While
this may be a safe assumption most of the time, it isn't always.
Also, there are other circumstances in which entries are added to the
~/.Xauthority file - I haven't quite tracked them down, but both my
root ~/.Xauthority file and my user's ~/.Xauthority file contains
several entries of the form:
ppp83.hcf.jhu.edu:0  MIT-MAGIC-COOKIE-1  <digits>

I obtain ip addresses automatically when I dial up via ppp; several
(though not all) recent IP addresses show up in lines like this.  I
never put these there explicitly with xauth; however, they seem to
accumulate which makes me think that something will write to
$XAUTHORITY without direct intervention.  I believe this validates
Remco's concern about root writing a user's .Xauthority.

>                                                           And, why
> the hell would he want to use ssh? He's doing this on the same
> frigging machine. He said he logged in with xdm right? Damn it I
> hate it when people spread disinformation like this.

It appears to me that in your rush to condemn Remco for not
understanding what was going on you failed to realize what a usable,
general, and elegant solution this root xterm is to the usual annoyance 
of doing X stuff as root.  (and there's no danger of root ever writing 
to ~user/.Xauthority)  Further, the command line given is aimed very
clearly at a user trying to do root things on the same machine he's
sitting at - ssh may be overkill, but there's not anything less
comprehensive that handles Xauthority forwarding.  My assumption is
that you saw "ssh" and missed the "localhost".

That Remco responded as civily as he did is one of the things that
continues to amaze me about this list.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .


Reply to: