Re: Truly stupid menu seting

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: Truly stupid menu seting
From: Vineet Kumar <debian-user@virtual.doorstop.net>
Date: Mon, 11 Mar 2002 09:10:06 -0800
Message-id: <[🔎] 20020311171006.GA8077@doorstop.net>
Mail-followup-to: Debian User List <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20020311093946.GB6889@mvz.xs4all.nl>
References: <[🔎] 20020310201156.GB25048@teddy.fas.com> <[🔎] 00a201c1c8c3$371fe6a0$0100a8c0@internal> <[🔎] 20020311005607.E12950@stud.ntnu.no> <[🔎] 20020311093946.GB6889@mvz.xs4all.nl>

* Matijs van Zuijlen (Matijs.van.Zuijlen@xs4all.nl) [020311 01:40]:
> On Mon, Mar 11, 2002 at 12:56:08AM +0100, Bjarne S. N?ss wrote:
> > > also, xhost + is probably not the safest thing to do if untrusted machines
> > > have network access to your machine
> > 
> > xhost +localhost is better.
> > 
> > But if xforwarding is enabled in ssh I prefer ssh root@localhost.
> > Takes care of the 'long' line export DISPLAY=localhost:0  =)
> > 
> > Bjarne
> 
> I don't need to use xhost *or* ssh at all to use X as root:
> It works fine when I just type (in an xterm):
> 
> su
> # <some-x-program>
> 
> Should I be worried now ;) ? I have no idea why this works, though I
> suspect it has something to do with that XAUTHORITY environment variable

No; this is expected behavior. When you "su", you get the environment of
the parent process, meaning the environment variables set in you
original (non-root user's) shell. This includes XAUTHORITY, but it also
includes PATH, so be extra careful. You probably don't want to use su
this way.

Earlier, people were speaking to "su -", which starts the new (root)
shell as a login shell, so the environment is set up the same as if root
had just logged in directly.

While I'm on the mic, I should (again) point out that "xhost +" "xhost
+localhost" or xhost just about anything is probably a bad idea. This
has been gone over many, many times on this list, so I won't go through
it in gory detail. I'll just say that xhost is old and dangerous, and
you should be using xauth instead. (Check the archives or google for
more info on why xhost is bad.)

Here's the basic procedure:

vineet$ su -
root# export DISPLAY=:0
root# xauth -merge ~vineet/.Xauthority

Then the root shell should be allowed to display X clients just like the
original shell.

Of course, like others have suggested, ssh root@localhost is another
way, but this won't work if you have root ssh logins disabled (which may
not be a bad idea). Besides maybe not being the most efficient (in a
cpu-time-sense) way of doing things, this can be a very convenient way
of running as root.

good times,
Vineet

-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume/

Attachment: pgpTrENtFb6lp.pgp
Description: PGP signature

Reply to:

References:
- Truly stupid menu seting
  - From: stan <stanb@awod.com>
- Re: Truly stupid menu seting
  - From: "Shri Shrikumar" <shri@urbyte.com>
- Re: Truly stupid menu seting
  - From: Bjarne S. Næss <bjarnesk@stud.ntnu.no>
- Re: Truly stupid menu seting
  - From: Matijs van Zuijlen <Matijs.van.Zuijlen@xs4all.nl>

Prev by Date: Re: Adding /dev/hdXX nodes
Next by Date: e2fsck
Previous by thread: Re: Truly stupid menu seting
Next by thread: RE: Truly stupid menu seting
Index(es):
- Date
- Thread