[arch-general] Which security setting in Arch prevents forwarding X apps when su root?
Listmates, Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error: [23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0 kdm config? X config? Any pointers/links would be appreciated. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On Thu, Oct 8, 2009 at 12:32 AM, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
Listmates,
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
kdm config? X config? Any pointers/links would be appreciated.
You don't need to use su. Instead, use tools like kdesu or gksu to use X apps as root: $ kdesu kwrite
2009/10/8 David C. Rankin <drankinatty@suddenlinkmail.com>:
Listmates,
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
kdm config? X config? Any pointers/links would be appreciated.
-- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
[lukas@red_dragon local]$ xhost +local:root non-network local connections being added to access control list [lukas@red_dragon local]$ su Password: [root@red_dragon local]# gui_app
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
In order for X apps to connect to the X server they need to provide a security cookie. The standard path for the cookie is ~/.Xauthority . ssh -X does append the cookie to this file so that's why you can start X apps when logged in as user. But when you "su", ~/.Xauthority is now another file (/root/.Xauthority) and that one doesn't have the cookie. As Eric said, kdesu or gsu are sollution ... or you could copy the Xauthority file
kdm config? X config? Any pointers/links would be appreciated.
none -- damjan
Damjan Georgievski wrote:
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
In order for X apps to connect to the X server they need to provide a security cookie. The standard path for the cookie is ~/.Xauthority . ssh -X does append the cookie to this file so that's why you can start X apps when logged in as user. But when you "su", ~/.Xauthority is now another file (/root/.Xauthority) and that one doesn't have the cookie.
As Eric said, kdesu or gsu are sollution ... or you could copy the Xauthority file
kdm config? X config? Any pointers/links would be appreciated.
none
If I understand correctly, this should happen automatically if you use the following: aur/sux 1.0.1_5-1 (38) A wrapper around su which will transfer your X credentials -Tim
David C. Rankin schrieb:
Listmates,
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
kdm config? X config? Any pointers/links would be appreciated.
The suggestions made so far are either dangerous (xhost) or complicated (xauth, sux, kdesu, ...). You can have pam handle your authentication cookies if you add the following line to /etc/pam.d/su: session optional pam_xauth.so Now, run "su" or "su -" to get root, and it will have access to X.
On Thursday 08 October 2009 09:56:06 am Thomas Bächler wrote:
David C. Rankin schrieb:
Listmates,
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
kdm config? X config? Any pointers/links would be appreciated.
The suggestions made so far are either dangerous (xhost) or complicated (xauth, sux, kdesu, ...). You can have pam handle your authentication cookies if you add the following line to /etc/pam.d/su:
session optional pam_xauth.so
Now, run "su" or "su -" to get root, and it will have access to X.
Thomas, All, Thanks for all the great answers. I now know how it works! I had no idea about the cookie, but that makes sense now. I will have to check my suse config to see how it is done there. They have something configured so it is automatic. Yep, they use Thomas' suggestion: 22:03 dcrgx:/etc/pam.d> cat su #%PAM-1.0 auth sufficient pam_rootok.so auth include common-auth account include common-account password include common-password session include common-session session optional pam_xauth.so That explains it. Thanks for the help. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On 10/08/2009 12:32 AM, David C. Rankin wrote:
Listmates,
Which setting in Arch prevents forwarding apps when you ssh -X in an Arch box, su and then try to start a kde app, etc.? X forwarding works just fine as a user, but when trying it su'ed to root, I get the following error:
[23:29 archangel:/etc] # kwrite X11 connection rejected because of wrong authentication. kwrite: cannot connect to X server localhost:10.0
kdm config? X config? Any pointers/links would be appreciated.
There's no setting - that just won't work. Think about it: you did an "ssh -X" as some user, thereby establishing an X configuration for that user. Then you su'd to root. Then you tried to run an X application as root ... when root has no X configuration established. Probably best way to work around: [me@local ~]$ ssh -X me [me@remote ~]$ kdesu kwrite HTH, DR
What about 'ssh -Y' instead 'ssh -X' ?
participants (8)
-
Alexandr Bashmakov
-
Damjan Georgievski
-
David C. Rankin
-
David Rosenstrauch
-
Eric Bélanger
-
Lukáš Jirkovský
-
Thomas Bächler
-
Tim Gelter