Re: running root X programs
>
> I know this has been addressed before, I've tried searching the archives
> for it, but without success.
>
> How do you run an X program as root whilst still in a user X session?
>
# Date: Tue, 07 Jul 1998 16:19:01 -0500
# From: "Jens B. Jorgensen" <jjorgens@bdsinc.com>
# Organization: Business Data Services, Inc.
# MIME-Version: 1.0
# To: Will Lowe <harpo@UDel.Edu>, ej@pitnet.net,
# Debian Users <debian-user@lists.debian.org>
# Subject: export XAUTHORITY=$(echo /var/lib/xdm/authdir/authfiles/*)
# Resent-From: debian-user@lists.debian.org
# -------------
# Will Lowe wrote:
#
# > On Tue, 7 Jul 1998 ej@pitnet.net wrote:
# >
# > > Unless explicitly told to do so using xhost, X does not allow anybody
# > > other than the person who started it to open windows on its desktop,
# > > not even root. I could never figure out the proper syntax for xhost,
# > > however, so I usually end up just using 'xhost +' which disables all
# > > access control and then 'xhost -' when I'm done.
# >
# > That's pretty insecure. I've seen instances where people on our campus
# > (admittedly, a large one with relatively insecure systems anyway) have
# > had other people connect to their X displays because they'd done the
# > "xhost +" bit. Generally more a nuisance than a real security concern,
# > but still... "xhost + locahost" is only marginally more secure ... with
# > that one, just anyone on the x machine can connect ... so on a system
# > which distributes campus email, that's a few thousand people here...
# >
# > Go for "sudo".
#
# Actually, it's potentially much more than a nuisance. An X client can capture
# all your keystrokes. You do the math.
#
# To just allow root to run an X app when you logged in as someone other than
# root do:
#
# chilin$ su
# Password:
# chilin# export XAUTHORITY=$(echo /var/lib/xdm/authdir/authfiles/*)
#
# This way you can log access the server using the xauth data which only you and
# root have access to. Neato.
# Try it!
#
# - --
# Jens B. Jorgensen
# jjorgens@bdsinc.com
Reply to: