Le Wed, 17 Oct 2018 04:40:49 -0400, Gene Heskett <gheskett@shentel.net> a écrit : > On Wednesday 17 October 2018 04:00:37 Morel Bérenger wrote: > > > Le Tue, 16 Oct 2018 17:53:37 -0400, > > > > Gene Heskett <gheskett@shentel.net> a écrit : > > > On Tuesday 16 October 2018 13:11:45 Greg Wooledge wrote: > > > > On Tue, Oct 16, 2018 at 12:43:40PM -0400, Gene Heskett wrote: > > > > > #1 is ssh -Y has been killed from jessie on. No excuse for > > > > > doing it and bug filing is ignored. > > > > > > > > I don't know what you mean by this. I just performed the > > > > following experiment on my stretch workstation (wooledg), in > > > > communications with a stretch server (arc3) elsewhere on our > > > > network. > > > > > > > > 1) Already logged into wooledg, I opened a new urxvt window. > > > > > > > > 2) In this window, I typed: ssh -Y arc3 > > > > > > > > 3) After authenticating to arc3 with a password, at the shell > > > > prompt, I typed: xterm > > > > > > > > 4) After a moment, a new xterm window appeared on my display. > > > > > > Thats expected. Now enter synaptic-pkexec. It should ask you, if > > > you are user 1000, for a passwd and given it, it will run. But > > > after wheezy, its not possible. LinuxCNC's graphics needs are > > > modest, and it will run, as the user. But its not root. And root > > > is denied regardless of how you go about obtaining root > > > permissions. > > > > Also, I wonder if you tried to do that through, for example Xephyr? > > Might workaround the issue you have? > > Well I was just reminded that gksudo works. Now what the heck is > Xephyr? Google says its x on x, whatever that means. I'll try to > remember that and play with it if its available for wheezy & later. > > Thanks Morel Bérenger. > The ncurses mode of aptitude says Xephyr is a X server that can be executed inside another X server, more or less like Xnest (or xming, for people like me that had to work on a windows station but wanted to keep a nice wm embedded on personal hardware ;)). I can not really explain how this works, but in short you could consider a remote system providing the performances stuff (hard disk space, strong CPU, tons or RAM...) and opening the X session on local systems. I think it might fix your problem because basically, su-programs (probably PAM modules, in fact) do some security related checks to avoid passwords to be sniffed by a client on another computer: which is what I would expect a ssh -Y gksudo do. If my explanation is not clear (and I'm certain of it), it's because I don't really master that side of systems, sorry for that :)
Attachment:
pgp74wls7f0Cw.pgp
Description: Signature digitale OpenPGP