[TriLUG] running X client as root in other accounts

Ed Warnicke hagbard at physics.rutgers.edu
Sun Jun 16 14:58:20 EDT 2002


NOOOOOOOOOO!!!! Don't do that.  When you type

xhost + 

you allow ANYONE ANYWHERE access to your X server.  While it is 
probable that your friendly distributor does not have your 
X server listening out on the public network, it is by no means assured.

The safe way of doing this is to use xauth.  xauth will allow you to 
set a magic cookie on your root account such that your X server will 
recognize it as being eligible to access your X server.  

First, as the non-root user who is running X type in an xterm:

xauth list $DISPLAY

which will output the xauth cookies associated with your current
display.  It should look something like:

debian/unix:0  MIT-MAGIC-COOKIE-1  f00004739672dece010d7e1faf01dca9

( note, the magic cookie has been changed to protect the innocent ).  

Then in the xterm where you have used su to become root type:

xauth add $DISPLAY . f00004739672dece010d7e1faf01dca9

( please note the big long number matches the one above ).  

Now your root user can access your X server and display X apps.  Since
the root user is caching the magic cookie in the .Xauthority file in 
root's homedir, you will be able to display on this X server instance as
root as long as it keeps running.  

Ed
  
On Sun, 2002-06-16 at 14:42, Thunder Bear wrote:
> Open an xterm as the user who X is running under and run "xhost +"
> 
> That will fix it.
> 
> On Sun, 2002-06-16 at 11:15, uzoma nwosu wrote:
> > 
> > I really hope this is a simple question that I'm just missing the answer to somewhere.  I'm running Debian Woody on an AMD K6-2 350 box.  Everything works fine for the most part.  It's just that when I try to run an xclient as root from a term in another user account I get this error:
> > 
> > # xcdroast 
> > Xlib: connection to ":0.0" refused by server
> > Xlib: Client is not authorized to connect to Server
> > 
> > Gtk-WARNING **: cannot open display: :0.0
> > 
> > Now I've just ignored this issue because it's not task critical. However, I now wish to fix this.  So I humbly ask for suggestions.
> > 
> > Uzoma
> > 
> > _______________________________________________
> > TriLUG mailing list
> >     http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ:
> >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> 
> 
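The two xauth steps in the reply above, as an added example that is not part of the original post. The function names are hypothetical, and it goes slightly beyond the post by also checking whether an earlier "xhost +" has left access control switched off.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds if `xhost` output (on stdin) shows that access control is off,
# which is the state "xhost +" leaves the server in.
xhost_is_open() {
    grep -q '^access control disabled'
}

# Reads `xauth list` output on stdin and prints the MIT-MAGIC-COOKIE-1 key
# for display $1 (":0", ":0.0", "host:10.0"). Fails if no valid entry exists.
cookie_for_display() {
    num=${1##*:}      # drop everything up to the last colon
    num=${num%%.*}    # drop the screen suffix, ":0.0" -> "0"
    awk -v n="$num" '
        $2 == "MIT-MAGIC-COOKIE-1" && $1 ~ (":" n "$") &&
        length($3) == 32 && $3 ~ /^[0-9a-f]+$/ { print $3; ok = 1; exit }
        END { exit !ok }'
}

# Prints the command to type in root's xterm, or fails without printing.
root_add_command() {
    key=$(cookie_for_display "$1") || return 1
    printf 'xauth add %s . %s\n' "$1" "$key"
}

# Live use, as the non-root user who owns the X session (left commented out
# so the file can be sourced without touching a running server):
#   xhost | xhost_is_open && xhost -     # undo an earlier "xhost +"
#   xauth list | root_add_command "$DISPLAY"
```

Matching on the display number rather than the first line of output matters when .Xauthority holds entries for several displays, for example both :0 and :10.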
