[TriLUG] running X at the server console

Geoff Purdy gpurdy at cogentneuroscience.com
Thu Jan 17 09:08:23 EST 2002 

You make a good point about internal vs. external servers.  I probably
should have originally specified that this server is behind a firewall and
is available only on a private network.  So security is a concern, but not
as high a priority as if this box were outside the firewall.

I'm guessing the crashes had to be related to X11 / KDE in some form.  The
system crashed three times in a row when booted into runlevel 5 and has been
fine since booted into runlevel 3.

Thanks to everyone for your advice.  This discussion has been very
informative.

Geoff

> -----Original Message-----
> From: Tanner Lovelace [mailto:lovelace at wayfarer.org]
> Sent: Wednesday, January 16, 2002 9:47 PM
> To: trilug at trilug.org
> Subject: Re: [TriLUG] running X at the server console
> 
> 
> On Wed, 2002-01-16 at 18:54, Christian J Hedemark wrote:
> > Tanner,
> > 
> > We're probably attacking the angle from different angles.  
> My professional
> > experience has been mostly in environments where you have a big
> > multiprocessor UNIX box, and a bunch of (essentially) X 
> terminals providing
> > GUI access to these big hosts.  Asking the users to run a 
> locked down UNIX
> > distribution on their desktop, using ssh to get in, etc. is 
> too convoluted
> > for real world use for most people.
> > 
> > If you're running a web server or something like that, yes, 
> I agree this
> > would be inappropriate.  But in the case of the more 
> traditional use of
> > large UNIX hosts, this is the only practical solution.  I doubt X11
> > standards are under any further development right now, but 
> if they were
> > maybe they ought to consider using some sort of SSL 
> encryption on X windows
> > traffic (if both sides supported it of course).
> 
> Chris,
> 
> I believe you are completely correct.  I think the main problem is
> that the word "server" is overloaded.  You really need to specify
> an adjective with it. Is it a mail server?  A web server?  An X
> server?  For something that needs to be located on the outside
> of a firewall like a mail or web server, I believe it is a bad
> idea to run X, especially with remote logins enabled.  For a 
> machine meant to act as an X server, however, you are completely
> correct.  X must be on, or you don't have a server. :-)  People
> need to understand, however, that such a server should most
> definitely be located *behind* some sort of firewall and should
> not be directly on the Internet.
> 
> This is certainly a valid form of securing a network.  When I worked 
> at SGI the most interesting thing about it was that no one used
> any kinds of passwords.  This made it easy for people to work 
> together and pretty much removed any incentive for insiders to
> hack co-workers computers.  The flip side of this was that their
> network border security was phenomenal!  It had to be, because
> if anyone got in, everything was wide open.
> 
> Tanner
> -- 
> Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
> GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
>  Those who are willing to sacrifice essential liberties for a little 
>  order, will lose both and deserve neither.  --  Benjamin Franklin 
> 
>  History teaches that grave threats to liberty often come in times
>  of urgency, when constitutional rights seem too extravagant to 
>  endure.  --  Justice Thurgood Marshall, 1989 
>

More information about the TriLUG mailing list