* Matijs van Zuijlen (Matijs.van.Zuijlen@xs4all.nl) [020311 01:40]: > On Mon, Mar 11, 2002 at 12:56:08AM +0100, Bjarne S. N?ss wrote: > > > also, xhost + is probably not the safest thing to do if untrusted machines > > > have network access to your machine > > > > xhost +localhost is better. > > > > But if xforwarding is enabled in ssh I prefer ssh root@localhost. > > Takes care of the 'long' line export DISPLAY=localhost:0 =) > > > > Bjarne > > I don't need to use xhost *or* ssh at all to use X as root: > It works fine when I just type (in an xterm): > > su > # <some-x-program> > > Should I be worried now ;) ? I have no idea why this works, though I > suspect it has something to do with that XAUTHORITY environment variable No; this is expected behavior. When you "su", you get the environment of the parent process, meaning the environment variables set in you original (non-root user's) shell. This includes XAUTHORITY, but it also includes PATH, so be extra careful. You probably don't want to use su this way. Earlier, people were speaking to "su -", which starts the new (root) shell as a login shell, so the environment is set up the same as if root had just logged in directly. While I'm on the mic, I should (again) point out that "xhost +" "xhost +localhost" or xhost just about anything is probably a bad idea. This has been gone over many, many times on this list, so I won't go through it in gory detail. I'll just say that xhost is old and dangerous, and you should be using xauth instead. (Check the archives or google for more info on why xhost is bad.) Here's the basic procedure: vineet$ su - root# export DISPLAY=:0 root# xauth -merge ~vineet/.Xauthority Then the root shell should be allowed to display X clients just like the original shell. Of course, like others have suggested, ssh root@localhost is another way, but this won't work if you have root ssh logins disabled (which may not be a bad idea). Besides maybe not being the most efficient (in a cpu-time-sense) way of doing things, this can be a very convenient way of running as root. good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume/
Attachment:
pgpTrENtFb6lp.pgp
Description: PGP signature