Chris Green chris@areti.co.uk writes:
Richard Kettlewell wrote:
Steve Engledow stechjo@btinternet.com writes:
Just means your X session isn't allowing requests from any user other than the one that started the session. Very sensible really. If you do an 'xhost +' before su-ing you'll be ok.
I wish people would stop recommending "xhost +".
It's surely OK on a 'closed' network where all the systems are behind a firewall which protects them from the nasty outside world.
Firstly, firewalls don't guarantee that hostile code won't run "inside" them; at best they merely eliminate certain lines of attack. (And that's assuming they don't themselves have bugs.) Consider that email clients and web browsers may have vulnerabilities; people plug their laptops into multiple different networks; people try to hack their own employer; etc.
Secondly, advice doesn't only get used in the situation(s) the adviser imagines, either because they don't know all about the recipient's situation, because people other than the intended recipient follow it, because the recipient's situation changes, etc. So, people giving advice ought to make at least *some* effort to ensure it doesn't have terrible consequences in some of the situations it might be used.
(You can hardly expect watertight advice that covers all possible situations on a user group mailing list. But "xhost +" doesn't even come close.)
In the case of X authentication for root there are several more suitable alternatives, for instance:
* make root's .Xauthority a symlink to the login user's (works best if only one person ever becomes root)
* use ssh root@localhost, with X forwarding enabled, rather than su (has a tiny performance cost, but you're probably not going to notice for anything you actually run as root)
* adapt the rsh rune in 'man xauth', perhaps to something like:
    XAUTHORITY=~user/.Xauthority xauth extract - "$DISPLAY" | xauth merge -
(not tested)
Our development systems at work allow virtually unlimited access to everyone all across the network. Using anything other than "xhost +" in this situation would be pretty pointless.
What we know about the OP is that they are using a laptop; potentially it could be connected to almost any kind of network.
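An added example, not part of the original thread: a small shell check that reads the output of a plain `xhost` call and reports whether "xhost +" or a host-wide entry is in effect on the display. The function name and the sample outputs (user alice, host devbox.example) are constructed for illustration.

```shell
#!/bin/sh
# Classify the output of `xhost` (no arguments), read from stdin.
# Prints one finding per line; returns 0 if nothing risky was seen, 1 otherwise.
# Live use in an X session:  xhost | xhost_audit
xhost_audit() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # This is the state left behind by "xhost +".
                echo "OPEN: any client on any host can connect"
                rc=1 ;;
            "access control enabled"*)
                echo "ok: access control enabled" ;;
            SI:localuser:*)
                # Server-interpreted entry: one named local user, no cookie needed.
                echo "note: local user ${line#SI:localuser:} is allowed"
                ;;
            "")
                ;;
            *)
                # Anything else (INET:, INET6:, LOCAL:, ...) is host-based.
                echo "WIDE: host-based entry '$line' admits every user there"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host
SI:localuser:alice'
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:devbox.example'
SAMPLE_COOKIE_ONLY='access control enabled, only authorized clients can connect'

# Demo run over the constructed samples.
for sample in "$SAMPLE_OPEN" "$SAMPLE_HOST" "$SAMPLE_COOKIE_ONLY"; do
    printf '%s\n' "$sample" | xhost_audit || true
    echo "--"
done
```

A display that relies only on .Xauthority cookies, as in the alternatives listed above, shows just the "access control enabled" line and passes the check.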