On 22 Dec, Kirk Hogenson wrote: > The problem is that "you" own the X session, "root" doesn't. > > The easiest way to get this to work is to type > > xhost + localhost > > before you do your su. This means that you'll let anyone > from the host "localhost" (ie, your computer) connect to your > X. > > However, I recall there were some security risks associated with > using xhost like this... maybe someone else will point them out. > If you aren't connected to a network (or just dial up occasionally > using, eg, ppp) then you should have no problems. (Using > "xhost + localhost" helps, lots of people just use "xhost +", > which allows *anyone* from *anywhere* access -- bad idea.) > > If you don't trust people who might be logging in to your > machine remotely, you probably don't want to do this. > > Kirk > > > Jesse Evans wrote: >> >> Hi, folks! >> >> I like to use fte as my default editor, however, when I su to modify >> my system I cannot use it. I get the following messages: >> >> Xlib: connection to ":0.0" refused by server >> Xlib: Client is not authorized to connect to Server >> Could not open display: :0.0 >> >> However, if I log in as root (as opposed to su from my users >> account, it works just fine. Any ideas as to what's up? >> >
xhost + localhost allows anyone logged in to open new windows on the display, capture keystrokes, etc. An alternate method (without the security problems of xhost + ______) is to do export XAUTHORITY=/home/_user_currently_logged_in_/.Xauthority after the 'su'. This gives root the same permissions that the currently logged in user has over the X display, without extending those permissions to anyone else at the same time. -- Stephen Ryan Debian GNU/Linux Mathematics graduate student, Dartmouth College
