LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 10-30-2010, 01:34 PM   #16
TSquaredF
Member
 
Registered: Dec 2005
Location: "The South Coast of Texas"
Distribution: Slackware64-current
Posts: 492
Blog Entries: 1

Rep: Reputation: 55

from hyperfluid (snipped)
Quote:
... is there a method to automate this procedure properly when logging in/starting X?
There are probably several ways, but here is how I did it after reading this thread through. I use KDE, so you may have to modify it for your desktop.
Create a file named "x4su.sh" in /home/youruser/.kde/Autostart. This file should contain the lines:

#!/bin/bash
xauth extract /tmp/x4su $DISPLAY

Make the file executable.
Non-login consoles such as xterm/konsole programmatically source ~/.bashrc, so as root, add the line:

xauth merge /tmp/x4su

to the bottom of /root/.bashrc. Create the file if it doesn't exist.
Now when you log in to KDE, the display cookie will be exported to /tmp/x4su & when you open a terminal as root, that file will be merged with /root/.Xauthority.
This works for me, but, as stated, you may have to do some modifications, depending on DE used, etc.
Regards,
Bill
 
1 members found this post helpful.
Old 10-30-2010, 06:03 PM   #17
GazL
Senior Member
 
Registered: May 2008
Posts: 3,503

Rep: Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026
Running stuff as root isn't all that hard anyway because it can just use the existing Xauthority file directly
Just add an alias as follows to your bashrc and away you go.
Code:
alias rootxterm='su -l root -c "XAUTHORITY=$HOME/.Xauthority DISPLAY=:0 xterm"'
Things get far more involved when you start dealing with running non-root stuff from a non-root desktop because neither end can access each others files. You can always do the extract and import from a temporary file as TSquared has done above but you need to be careful with permissions to keep it secure while still allowing the users that you actually want to be able to use it to do so.


Anyway, as a quick proof of concept I knocked up a sudo based solution for transferring the xauth records:

This code is just a proof of concept. It needs a lot of error checking and input validation to make it safe to use!!
/usr/local/bin/share_xauth:
Code:
#!/bin/bash
#
#  Will share Xauthority entries for the current display with
#  other local users securely.
#
#  Usage:
#         sudo share_xauth user1 user2 user3 ...
#
#  
IFS=""
PATH="/usr/bin:/bin"

for destUser in "$@"
do
  if [ "$destUser" != "" ] ; then
     newAuthFile="/home/${destUser}/.Xauthority"
     /usr/bin/xauth -f "/home/$SUDO_USER/.Xauthority" extract - "$DISPLAY" \
        | /usr/bin/xauth -f "$newAuthFile" merge -
     chown "${destUser}:users" "$newAuthFile"
  fi
done
It'll need a corresponding sudoers entry, something like
Code:
%users  ALL=(root) NOPASSWD: /usr/local/bin/share_xauth
Theory being, put a "sudo share_xauth user1 user2" in any of your desktop startup files and you selectively get to grant access to your X Display to other local users accounts without any intervention and no need for temporary files.

There are probably better ways of doing this, but I can't think of one right now.
 
2 members found this post helpful.
Old 10-31-2010, 07:02 AM   #18
hyperfluid
Member
 
Registered: Aug 2010
Location: /ger/nrw/ac
Distribution: Ubuntu 12.04
Posts: 34

Rep: Reputation: Disabled
Thank you both,

TSquared's method works fine, since I just need root to access the display right now.

But I will keep GazL's second solution in mind, if I will come across such a more sophisticated situation.

Enjoy the rest of the weekend,
Michael
 
Old 10-20-2012, 10:39 PM   #19
qweasd
Member
 
Registered: May 2010
Posts: 486

Rep: Reputation: Disabled
Quote:
Originally Posted by GazL View Post
Running stuff as root isn't all that hard anyway because it can just use the existing Xauthority file directly
Just add an alias as follows to your bashrc and away you go.
Code:
alias rootxterm='su -l root -c "XAUTHORITY=$HOME/.Xauthority DISPLAY=:0 xterm"'
Things get far more involved when you start dealing with running non-root stuff from a non-root desktop because neither end can access each others files. You can always do the extract and import from a temporary file as TSquared has done above but you need to be careful with permissions to keep it secure while still allowing the users that you actually want to be able to use it to do so.


Anyway, as a quick proof of concept I knocked up a sudo based solution for transferring the xauth records:

This code is just a proof of concept. It needs a lot of error checking and input validation to make it safe to use!!
/usr/local/bin/share_xauth:
Code:
#!/bin/bash
#
#  Will share Xauthority entries for the current display with
#  other local users securely.
#
#  Usage:
#         sudo share_xauth user1 user2 user3 ...
#
#  
IFS=""
PATH="/usr/bin:/bin"

for destUser in "$@"
do
  if [ "$destUser" != "" ] ; then
     newAuthFile="/home/${destUser}/.Xauthority"
     /usr/bin/xauth -f "/home/$SUDO_USER/.Xauthority" extract - "$DISPLAY" \
        | /usr/bin/xauth -f "$newAuthFile" merge -
     chown "${destUser}:users" "$newAuthFile"
  fi
done
It'll need a corresponding sudoers entry, something like
Code:
%users  ALL=(root) NOPASSWD: /usr/local/bin/share_xauth
Theory being, put a "sudo share_xauth user1 user2" in any of your desktop startup files and you selectively get to grant access to your X Display to other local users accounts without any intervention and no need for temporary files.

There are probably better ways of doing this, but I can't think of one right now.
Stealing the cookie seems like a lot of trouble. After digging for a while I found this:
Code:
xhost si:localuser:root
which is run by a user who wants to let the root to connect to X. How safe is that, I wonder?
 
Old 10-21-2012, 07:19 AM   #20
GazL
Senior Member
 
Registered: May 2008
Posts: 3,503

Rep: Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026Reputation: 1026
Yes, I think I've posted on LQ about 'si:localuser' before. The post you quoted is a couple of years old now. I don't know when the server interpreted localuser security extensions were added to X.org, but if it did exist back when I wrote that, then I certainly wasn't aware of it.

The above script has the advantage of also working with non-local Xserver displays so it's not completely obsolete, but for a locally hosted display the si:localuser stuff will do the job nicely.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
disabling xhost & xauth Smokey Slackware 3 06-30-2005 05:02 PM
about xauth? Chowroc Linux - General 6 05-24-2005 06:21 PM
How to use xauth? Chowroc Linux - Networking 1 05-22-2005 11:31 AM
Xhost/xauth: Can I get access to the graphics console without anyone being logged in? Merlin53 Linux - General 10 01-07-2005 02:32 PM
su - and xauth .. doublefailure Linux - General 0 03-05-2003 04:46 PM


All times are GMT -5. The time now is 07:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration