Le 22/09/2017 à 18:51, Hector Gonzalez a écrit :
On 09/22/2017 05:10 AM, Didier Kryn wrote:
Le 22/09/2017 à 01:32, Arnt Karlsen a écrit :
You can probably justify 'xhost +' if this is one of those
I'm-the-only-user machines. Thank Ghu, remote network access to the X
server is no longer enabled by default on Linux hosts. (The right way
to do remote X11, IMO, is via 'ssh [email protected]', thereby
forwarding X11 across the authenticated ssh tunnel.)
One can argue that you should use 'ssh -Y' even locally so you get out
of the habit of using 'xhost +'. I won't argue that, but will just
put it out there.
..my prefecence was the -X option: ssh -X root@localhost
until Debian killed it with some new policy.
AFAIR, ssh -Y is used for backward compatibility with old
software (like libroot), but, normally, -X is enough.
I don't know how one can prevent you from running ssh -X
root@localhost . Permission to do so is set/unset in
/etc/ssh/sshd_config .
But gksu or gksudo do not require ssh at all.
You can also do this, assuming your original user is "user":
XAUTHORITY=~user/.Xauthority
export XAUTHORITY
DISPLAY=:0.0
export DISPLAY
and use x with that. You don't add permissions, and there is no need
to use ssh to forward localhost connections. If XAUTHORITY is
missing, you need xauth installed, but that should already be there if
you have ssh and X anyway. root should have permission to read
~user/.Xauthority unless you are using a non local home directory.
That's a much nicer solution than openning a window to ask the
password. Just a question: do su and sudo transmit these environment
variables? I bet for sudo, it is configurable.
Didier
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
