Re: Xserver authorization/security
On Tue, Sep 07, 2004 at 08:55:07PM -0700, listcomm@ml1.net wrote:
> Thanks - and, you're right, and I had forgotten that; ".login" is a
> shell feature. (I probably didn't look in the "csh" or "tcsh"
> manuals...)
>
> The "Xauthority" tactic, if I understand correctly, is similar to
> using "xauth"; you have to run something from your login shell one
> way or another.
xauth and Xauthority are the same tactic.
xauth:
/home/joesmith/.Xauthority -> XAUTH cookies
/root/.Xauthority -> copied cookies
Xlib looks for cookies in ~/.Xauthority
XAUTHORITY:
/home/joesmith/.Xauthority -> XAUTH cookies
/root/.Xauthority -> NOT USED
Xlib looks for cookies in /home/joesmith/.Xauthority regardless of who
you are.
> What I'm trying to figure out, is how to get a system-level solution
> to the problem, so that it wouldn't be necessary, in the case of a
> system with several users any of whom might be the one to spawn the X
> server when they log in, for each user to have to have something in
> their login shell.
Does moving "export XAUTHORITY=$HOME/.Xauthority" from ~/.bashrc to
/etc/bash.bashrc do what you want?
--
The world's most effective spam filter:
ln -sf /dev/full /var/mail/$USER
Reply to: