[NTLUG:Discuss] linuxconf

Rick Cook rickcook at sbcglobal.net
Thu Feb 21 23:28:28 CST 2002


On Thursday 21 February 2002 12:03, MadHat wrote:
> before when I have had this problem, I run
>
> xhost + `hostname`
>
> before I su to root.  This sets up xhost to allow connections from
> anyone on the local host.  I think there are better and more secure
> ways of doing this, but I can't remember right now.


xauth nlist $DISPLAY | ssh root@localhost xauth nmerge -


This method actually generalizes to any host/any user. It obviously 
implies that you know the password (or have some other type of ssh 
authentication worked out) for whichever user on whatever machine you 
use. For some reason, the current xauth manpage does not include this 
example. Basically, the command sequence extracts a numeric 
representation of your X authentication "certificate", passes it over a 
secure ssh link and allows the other user to install that certificate 
in their own .Xauthority file.


Another option using ssh is:

ssh -nf -X <username>@<hostname> <some X command>



For a "single command" type execute as root, you can simply use:

sudo <whatever X based command you want>

and provide your own password (assuming your userid is in 
/etc/sudoers). This way, it is still your userid that is having to pass 
the X authentication.



And for the "quick and dirty does it" among you. This still leaves your 
X server secure while allowing root:

as root:

# cp ~<username>/.Xauthority ~


Of course, if root is logged in to X somewhere, this will hose that 
Xserver.


And on Thursday 21 February 2002 14:31, Patrick Parks wrote:
> Thanks for the responses, and this solution does work, but why do I
> have to do this now, and did not before, is it inherent to Red Hat
> 7.2?

I would guess that RedHat changed their policy on how their default X 
authentication works in 7.2 (or, perhaps, you switched to using 
kdm/gdm/xdm rather than startx).

Until recently, most distributions had default X authentication set 
_very_ insecurely.



Rick
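
The difference between merging a cookie with `xauth nmerge` and copying a whole `.Xauthority` over root's, as an added example that is not part of the original post: it parses the numeric format printed by `xauth nlist` and applies both operations to constructed entries. The merge key (family, address, display, protocol name), the helper names and all sample values are assumptions of this example.

```python
# Added example: models `xauth nlist` records; all sample values are constructed.
from typing import NamedTuple

class Entry(NamedTuple):
    family: int      # 0x0100 is FamilyLocal (local connection on this host)
    address: bytes   # host name or address bytes
    display: bytes   # display number as ASCII, e.g. b"0"
    name: bytes      # protocol name, e.g. b"MIT-MAGIC-COOKIE-1"
    data: bytes      # the secret cookie itself

    @property
    def key(self):
        # Assumed merge key: one entry per display and protocol name.
        return (self.family, self.address, self.display, self.name)

def parse_nlist(text):
    """Parse nlist lines: a hex family, then four (hex length, hex bytes) fields."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        family, fields, i = int(tok[0], 16), [], 1
        for _ in range(4):
            length = int(tok[i], 16)
            # Tolerate a zero-length field that has no hex token after it.
            value = bytes.fromhex(tok[i + 1]) if length else b""
            i += 2 if length else 1
            if len(value) != length:
                raise ValueError("length mismatch in: " + line)
            fields.append(value)
        entries.append(Entry(family, *fields))
    return entries

def nmerge(existing, incoming):
    """Model `xauth nmerge -`: incoming replaces same-key entries, the rest stay."""
    merged = {e.key: e for e in existing}
    merged.update({e.key: e for e in incoming})
    return list(merged.values())

def overwrite(existing, incoming):
    """Model `cp ~<username>/.Xauthority ~`: the target's old entries are lost."""
    return list(incoming)

HOST = b"localhost".hex()
NAME = b"MIT-MAGIC-COOKIE-1".hex()

def sample(display, cookie_byte):
    # Constructed record; the cookie is a placeholder of 16 repeated bytes.
    return f"0100 0009 {HOST} 0001 {display.encode().hex()} 0012 {NAME} 0010 {cookie_byte * 16}"

USER_NLIST = sample("0", "aa")   # the user's session on display :0
ROOT_NLIST = sample("1", "bb")   # root already logged in on display :1
```

With these inputs, `nmerge(parse_nlist(ROOT_NLIST), parse_nlist(USER_NLIST))` keeps root's `:1` entry alongside the user's `:0` entry, while `overwrite` leaves only `:0`.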



