[arch-general] Which security setting in Arch prevents forwarding X apps when su root?
David C. Rankin
drankinatty at suddenlinkmail.com
Thu Oct 8 23:05:06 EDT 2009
On Thursday 08 October 2009 09:56:06 am Thomas Bächler wrote:
> David C. Rankin schrieb:
> > Listmates,
> >
> > Which setting in Arch prevents forwarding apps when you ssh -X in an Arch
> > box, su and then try to start a kde app, etc.? X forwarding works just
> > fine as a user, but when trying it su'ed to root, I get the following
> > error:
> >
> > [23:29 archangel:/etc] # kwrite
> > X11 connection rejected because of wrong authentication.
> > kwrite: cannot connect to X server localhost:10.0
> >
> > kdm config? X config? Any pointers/links would be appreciated.
>
> The suggestions made so far are either dangerous (xhost) or complicated
> (xauth, sux, kdesu, ...). You can have pam handle your authentication
> cookies if you add the following line to /etc/pam.d/su:
>
> session optional pam_xauth.so
>
> Now, run "su" or "su -" to get root, and it will have access to X.
>
Thomas, All,
Thanks for all the great answers. I now know how it works! I had no idea
about the cookie, but that makes sense now. I will have to check my suse
config to see how it is done there. They have something configured so it is
automatic. Yep, they use Thomas' suggestion:
22:03 dcrgx:/etc/pam.d> cat su
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
That explains it. Thanks for the help.
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
More information about the arch-general
mailing list