[arch-general] Which security setting in Arch prevents forwarding X apps when su root?
Listmates, Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error: [23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0 kdm config? X config? Any pointers/links would be appreciated. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On Thu, Oct 8, 2009 at 12:32 AM, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
You don't need to use su. Instead, use tools like kdesu or gksu to use X apps as root: $ kdesu kwrite
2009/10/8 David C. Rankin <drankinatty@suddenlinkmail.com>:
[lukas@red_dragon local]$ xhost +local:root non-network local connections being added to access control list [lukas@red_dragon local]$ su Password: [root@red_dragon local]# gui_app
In order for X apps to connect to the X server they need to provide a security cookie. The standard path for the cookie is ~/.Xauthority . ssh -X does append the cookie to this file so that's why you can start X apps when logged in as user. But when you "su", ~/.Xauthority is now another file (/root/.Xauthority) and that one doesn't have the cookie. As Eric said, kdesu or gsu are sollution ... or you could copy the Xauthority file
kdm config? X config? Any pointers/links would be appreciated.
none -- damjan
Damjan Georgievski wrote:
If I understand correctly, this should happen automatically if you use the following: aur/sux 1.0.1_5-1 (38) A wrapper around su which will transfer your X credentials -Tim
David C. Rankin schrieb:
The suggestions made so far are either dangerous (xhost) or complicated (xauth, sux, kdesu, ...). You can have pam handle your authentication cookies if you add the following line to /etc/pam.d/su: session optional pam_xauth.so Now, run "su" or "su -" to get root, and it will have access to X.
On Thursday 08 October 2009 09:56:06 am Thomas Bächler wrote:
Thomas, All, Thanks for all the great answers. I now know how it works! I had no idea about the cookie, but that makes sense now. I will have to check my suse config to see how it is done there. They have something configured so it is automatic. Yep, they use Thomas' suggestion: 22:03 dcrgx:/etc/pam.d> cat su #%PAM-1.0 auth sufficient pam_rootok.so auth include common-auth account include common-account password include common-password session include common-session session optional pam_xauth.so That explains it. Thanks for the help. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On 10/08/2009 12:32 AM, David C. Rankin wrote:
There's no setting - that just won't work. Think about it: you did an "ssh -X" as some user, thereby establishing an X configuration for that user. Then you su'd to root. Then you tried to run an X application as root ... when root has no X configuration established. Probably best way to work around: [me@local ~]$ ssh -X me [me@remote ~]$ kdesu kwrite HTH, DR
What about 'ssh -Y' instead 'ssh -X' ?
participants (8)
-
Alexandr Bashmakov
-
Damjan Georgievski
-
David C. Rankin
-
David Rosenstrauch
-
Eric Bélanger
-
Lukáš Jirkovský
-
Thomas Bächler
-
Tim Gelter