> -----Original Message----- > From: Vineet Kumar [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 25, 2003 2:12 PM > To: [EMAIL PROTECTED] > Subject: Re: Newbee-ish X and root question > > > Two things. Environment variables, to be precise. The two > in question > are DISPLAY and XAUTHORITY. The former tells X clients where the > display is (after all, it could be another X server on this > machine, or > another machine entirely ... it s X after all =). The latter tells X > clients how to authenticate themselves to that display. Your > display is > smart enough to not just allow anybody that tries to connect > to it. The > dangers of such actions are greater than just anybody being able to > display nasty pictures on your screen, but also to take more control > over your X session's behavior, such as changing the way your pointer > and/or keyboard behave. Note that using xhost generally leaves your > arse wide open like this, which is why You Should Never Use > Xhost. (If > you don't know what xhost is, great. Just know that if anybody ever > tells you to use it, they're giving you bad advice.) > > The XAUTHORITY environment variable points to a file in which a 'magic > cookie' is stored. The X server won't allow any client to > connect if it > doesn't know the magic cookie. When you 'su -m', your > original XAUTHORITY > environment variable is still present in root's environment. This > points at a file in your non-root-user's home directory. Since you're > now root, you have permission to read that file and get the > magic cookie > contained inside. The corollary is that this method won't > work (without > a minor adjustment) when using 'su -m' to become another > non-root user. > For that, you can either use the xauth tool or modify the > permissions on > your xauthority file to allow the other user to read it. (Or you can > manually give them the cookie, which is basically something that xauth > will help you do less manually.) > > good times, > Vineet > -- > http://www.doorstop.net/ > -- > "If we do not believe in freedom of speech for those we > despise we do not > believe in it at all." --Noam Chomsky >
Vineet, Good information, thanks for that!! Barry deFreese Technology Services Manager Nike Team Sports (949)-616-4005 [EMAIL PROTECTED] "Technology doesn't make you less stupid; it just makes you stupid faster." Jerry Gregoire - Former CIO at Dell -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
