I recently used zenity to send popups to other machines after logging into their machines using ssh. I had some problems initially but it was all sorted out from the net. Now I know that I have to perform 2 steps to the other user's login (using ssh) for zenity to work. I do the following
Now it all runs fine but the problem is that I still don't know the meaning of the above 2 steps. Please someone let me know why we need to do it.
The first line is mandatory if you want to display the pop-up on the remote desktop. When you log in through ssh without options, the environment variable DISPLAY is not set, and if you use option -X the DISPLAY is set to your local machine (the computer from which you establish the connection).
The second line is to accept X connections from other users on a specific machine. Every user has its own .ICEauthority file that contains the so-called MIT-MAGIC-COOKIE. Every incoming connection to the X server is matched or unmatched against the MIT-MAGIC-COOKIE to establish if the requesting user has the authority to use your desktop. The line
enables all incoming connections from the specified machine (in this case localhost). The @ symbol is there only for backward compatibility with previous X servers: it ensures the specified host is in the nis family, otherwise it is assumed to be an internet address (quoted from man xhost).
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.
Last edited by colucix; 12-14-2011 at 06:12 AM.
Reason: Added note
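To see what a given xhost setting actually grants, the access list the X server reports can be classified line by line. The following is an added example, not part of the original posts; the function names and the sample output are constructed for illustration, and the sample mimics what running `xhost` with no arguments prints.

```shell
#!/bin/sh
# Added example: classify the access list printed by `xhost` (no arguments).
# Function names and SAMPLE_XHOST are constructed for illustration.

classify_xhost_line() {
    case "$1" in
        "access control disabled"*)
            echo "CRITICAL: access control is off, any client on any host may connect" ;;
        "access control enabled"*)
            echo "OK: access control is enabled" ;;
        SI:localuser:*)
            echo "LOW: only local user ${1#SI:localuser:} is allowed" ;;
        LOCAL:*)
            echo "HIGH: every local user on this machine is allowed" ;;
        INET:*|INET6:*)
            echo "HIGH: every user on host ${1#*:} is allowed" ;;
        "")
            ;;
        *)
            echo "REVIEW: unrecognised entry '$1'" ;;
    esac
}

# Read xhost output on stdin and print one finding per line.
audit_xhost() {
    while IFS= read -r line; do
        classify_xhost_line "$line"
    done
}

# Count the findings that expose the display to more than one named user.
count_risky() {
    audit_xhost | grep -c -E '^(HIGH|CRITICAL)'
}

# Constructed sample of `xhost` output after a host-wide grant for localhost.
SAMPLE_XHOST='access control enabled, only authorized clients can connect
INET:localhost
SI:localuser:alice
LOCAL:'

printf '%s\n' "$SAMPLE_XHOST" | audit_xhost
```

On a live desktop, pipe the real list in with `xhost | audit_xhost`. A host-wide entry can be replaced by a single-user grant using the server-interpreted form `xhost +si:localuser:NAME`.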
The X server that controls the graphics display is owned by the user that started the session, and other users and systems are not allowed to connect to it by default (not even root can do it). Adding a name to xhost is one way to give a user permission to connect; a fast and easy way, but not particularly secure.
In addition, each running X session has a given DISPLAY address. This address needs to be set in the connecting user's environment, or else manually passed to the program being run, so that it knows which X session it's supposed to connect to.
Every time you see X in the documentation, it refers to the graphical environment (as opposed to the console, which is the text-based interface). X is the graphic server that runs underneath every desktop manager. Nowadays the X.org server is widespread in the majority of Linux distributions (you can check the package xorg-x11-server-Xorg or a similar name to see what release is installed on your system).
Establishing an X connection is therefore related to the communication between client software (e.g. zenity) that relies on the X server to work properly (in practice it must create a window on your desktop). The client asks for authorization to use the graphic display and the X server accepts or refuses connections according to the user's policy.
Originally Posted by kumawat10
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.
Why is this so??
Basically, if someone gains access to your display with malicious intentions, he can even see your screen or read your keystrokes and your mouse actions. What if you type your 256-character strong password to access your on-line banking? Every keystroke can be recorded and your money... puff!
You can still use xhost but you have to trust the host (that is the machine and any potential user of that machine) to which you assign privileges.
Originally Posted by kumawat10
So if there are many ssh sessions from different PCs to a single PC, will all the PCs need to give different DISPLAY address or the same will do??
Nope. The local display (that is the screen in front of you) is unique and the DISPLAY environment variable is assigned from the X server whenever you login (or autologin) into the graphic environment.
On the other hand a remote display (e.g. I connect to your machine through ssh with -X option to run a program on your machine and see it on the screen in front of me) is assigned from the client application (ssh in my example) and can vary, but in this case it simply means that your unique and personal DISPLAY is forwarded somewhere else.
In other words the DISPLAY once assigned doesn't change until you close the connection to the X server (that is until you log off the graphical environment).
Last edited by colucix; 12-15-2011 at 06:36 AM.
Reason: English language
And once again, the really basic level explanation.
The graphic system on Unix-style boxes uses a server/client configuration, known generally as the X Window System.
The X "server" is the part that runs on the local machine, supports and communicates with the video card (or cards), and handles the graphics on the screen(s) attached to it. The server also manages the input from the local keyboard, mouse, and other peripherals like (drawing) tablets and touch-screens.
The "clients" are the cgi programs you run. They connect to a running X server (either on the same system or over a network) and then that server draws the windows for them on its local screen(s), and sends input from its local input devices back to the program.
And so, as explained before, the "DISPLAY" variable is where you specify which server, on which host, and which screen, the client windows should appear on. On the local machine you only need to provide the number of the server and screen (if more than one), but for network connections you also need to specify the host name or address it's located on.
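The host, server number and screen described above can be read straight out of a DISPLAY value, which also shows whether a client will talk to the X server over a local socket or over the network. This is an added example, not part of the original posts; `parse_display` is a hypothetical helper, and it assumes the usual conventions that display N listens on TCP port 6000+N and on the local socket /tmp/.X11-unix/XN.

```shell
#!/bin/sh
# Added example: split a DISPLAY value of the form [host]:display[.screen].
# parse_display is a hypothetical helper name; the sample values are constructed.

parse_display() {
    d=$1
    case "$d" in
        *:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    host=${d%:*}      # text before the last colon (empty for a local display)
    rest=${d##*:}     # display[.screen]
    num=${rest%%.*}   # display (server) number
    case "$rest" in
        *.*) screen=${rest#*.} ;;
        *)   screen=0 ;;           # screen defaults to 0 when omitted
    esac
    case "$num" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    case "$screen" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ -z "$host" ] || [ "$host" = "unix" ]; then
        # No host part: the client uses the local socket of that server.
        echo "transport=local socket=/tmp/.X11-unix/X$num screen=$screen"
    else
        # Host part present: the client connects over TCP.
        echo "transport=tcp host=$host port=$((6000 + num)) screen=$screen"
    fi
}

# Constructed samples: a local desktop session, an ssh -X forwarded display,
# and a display on another machine addressed directly.
for sample in ":0" "localhost:10.0" "192.0.2.15:0.1"; do
    printf '%-16s %s\n' "$sample" "$(parse_display "$sample")"
done
```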