
Re: restrict x server access with xhost



David Z Maze wrote:

David selby <debian@pusspaws.net> writes:

I can enable other users to log into my x server with xhost +, I need
to do this because I want to run a program via user web crontab which
uses xmessage.

Uh, there's no better solution at all?  With the default Debian
settings, the X server doesn't listen on a TCP port anyways, and so
xhost is pretty useless.  'xhost +' makes it possible for ANY USER
ANYWHERE IN THE WORLD to access your X server, spy on your keystrokes,
capture passwords you type into xterms, that sort of thing: you
*really* don't want to do it.

Ideally I would like only root user to be able to access my x server
... (less users who can access it, more secure ... rule of thumb) so I
tried ...

...having some way for the cron job to figure out who the user logged
into :0.0 is, and setting the XAUTHORITY environment variable to
/home/$THATUSER/.Xauthority before running the job.

You might read the Remote-X-Apps mini-HOWTO, which discusses X
security controls in some detail.

'xhost +' makes it possible for ANY USER
ANYWHERE IN THE WORLD to access your X server, spy on your keystrokes,
capture passwords you type into xterms, that sort of thing: you
*really* don't want to do it

You are right, I *REALLY* don't want to do this! I never realised how much access I was allowing ... thanks for the tip.

I will investigate the mini howto ...

Thanks
Dave
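
The suggestion quoted above (have the cron job find out who is logged in on :0.0 and point XAUTHORITY at that user's cookie file instead of running 'xhost +'), sketched as an added example that is not part of the original thread. The function names and the sample `who` lines are constructed for illustration, and the /home/$USER layout is the assumption made in the quoted reply.

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical.

# Constructed `who` output (old-style ":0" line, display-manager "ttyN (:0)" line).
SAMPLE_WHO='web      pts/2        2004-03-01 10:02 (192.0.2.10)
dave     :0           2004-03-01 09:12
anna     tty8         2004-03-01 09:30 (:1)'

# Read `who` output on stdin, print the user logged in on local display $1.
# A screen suffix is ignored, so ":0.0" is treated as ":0".
x_display_user() {
    disp=${1%.*}
    awk -v d="$disp" '$2 == d || $NF == "(" d ")" { print $1; exit }'
}

# Print the cookie file for user $1, refusing names that could alter the path.
# Assumes home directories live under /home, as in the quoted reply.
xauthority_for() {
    case $1 in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '/home/%s/.Xauthority\n' "$1"
}

# Show a message on display $1 using the owner's cookie; no xhost change needed.
# Intended to be called from the cron job, e.g.: notify_display :0.0 "backup done"
notify_display() {
    disp=$1
    shift
    user=$(who | x_display_user "$disp")
    [ -n "$user" ] || return 1            # nobody is logged in on that display
    auth=$(xauthority_for "$user") || return 1
    [ -r "$auth" ] || return 1            # cron user cannot read the cookie
    DISPLAY=$disp XAUTHORITY=$auth xmessage "$@"
}
```

The job has to run as a user who can read that .Xauthority file (root, or the display owner), which keeps access limited to whoever already holds the cookie.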


