Am Fr, den 02.04.2004 schrieb Pepebuho um 01:39:
> Hi.
> I noticed that each time that I execute su and then gedit I get the
> following warning:
> (gedit:2378): GnomeUI-WARNING **: While connecting to session manager:
> Authentication Rejected, reason : None of the authentication protocols
> specified are supported and host-based authentication failed.
> Surfing Google i found the attached solution by Bruce Wolk, nevertheless
> I wonder why does it work. In fact why do we need it at all?
> I am not that good yet with scripts (I am newbie) but it looks
> like it is executing gedit on an new shell session where the contents
> of the current XUAUTHORITY were taken from root's .Xauthority.
> Is it safe? And if that variable is important, why is it not changed
> authomatically when I execute su?
> Also, I was checking for .Xauthority on my root directory and I saw not one
> xauthority but several files starting with .xauth
> Thaks!
> Javier
1) su is in many cases suboptimal as it switches not to a root login
shell but only to a root shell, see "man su" for - or -l. Better use "su
-" to get the whole environment for root.
2) root can do nearly everything and therefor "stealing" a user's
.Xauthority is possible for root. That leads to the next question ...
3) .Xauthority is the authority token file of the user running the X
session and in his ~, see "man Xsecurity". See also "man mcookie" for
generating an authority token.
4) A different method would be to let the user running X allow connects
from everyone on localhost with "xhost +localhost" in i.e. ~/.xinitrc.
root might set the $DISPLAY in his /root/.xinitrc.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 17:35:15 up 14 days, 1:17, load average: 0.07, 0.13, 0.08
[ ÎÎÏÎÎ Ï'ÎÏÏÎÎ - gnothi seauton ]
my life is a planetarium - and you are the stars
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
