Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I recently used zenity to send popup's to other machines after logging into their machines using ssh.. I had some problems initially but it was all sorted out from the net.. Now I know that I have to perform 2 steps to the other user's login (using ssh) for zenity to work.. I do the following
export DISPLAY=:0.0
xhost +@localhost
Now it all runs fine but the problem is that I still dont know the meaning of the above 2 steps... Please someone let me know why we need to do it..
Thanks..
Click here to see the post LQ members have rated as the most helpful post in this thread.
The first line is mandatory if you want to display the pop-up on the remote desktop. When you login through ssh without options, the environment variable DISPLAY is not set and if you use option -X the DISPLAY is set to your local machine (the computer from which you establish the connection).
The second line is to accept X connections from other users on a specific machine. Every user has its own .ICEauthority file that contains the so-called MIT-MAGIC-COOKIE. Every incoming connection to the X server is matched or unmatched against the MIT-MAGIC-COOKIE to establish if the requesting user has the authority to use your desktop. The line
Code:
xhost +@localhost
enables all the incoming connection from the specified machine (in this case localhost). The @ symbol is there only for backward compatibility with previous X server: it ensures the specified host is in the nis family, otherwise it is assumed to be an internet address (quoted from man xhost).
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.
Last edited by colucix; 12-14-2011 at 05:12 AM.
Reason: Added note
The X server that controls the graphics display is owned by the user that started the session, and other users and systems are not allowed to connect to it by default (not even root can do it). Adding a name to xhost is one way to give a user permission to connect; a fast and easy way, but not particularly secure.
In addition, each running X session has a given DISPLAY address. This address needs to be set in the connecting user's environment, or else manually passed to the program being run, so that it knows which X session it's supposed to connect to.
Thanks David and Colucix for yr valuable replies..
but I, being a newbie, wasnt able to understand some parts of yr suggestions like the following..
Quote:
The second line is to accept X connections from other users on a specific machine.
What exactly is this X connection thing?
Quote:
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.
Why is this so??
Quote:
In addition, each running X session has a given DISPLAY address.
So if there r many ssh sessions from different PC's to a single PC, will all the PC's need to give different DISPLAY address or the same will do??
Every time you see X in the documentation, it refers to the graphical environment (opposite to the console which is the text based interface). X is the graphic server that runs underneath every desktop manager. Nowadays the X.org server is widespread in the majority of the Linux distributions (you can check the package xorg-x11-server-Xorg or a similar name to see what release is installed on your system).
Establishing a X connection is therefore related to the communication between a client software (e.g. zenity) that relies on the X server to work properly (in practice it must create a window on your desktop). The client asks for authorization to use the graphic display and the X server accepts or refuses connections according to the user's policy.
Quote:
Originally Posted by kumawat10
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security. Why is this so??
Basically, if someone gain access to your display with malicious intentions, he can even see your screen or read your keystrokes and your mouse actions. What if you digit your 256-characters strong password to access your on-line banking? Every keystroke can be recorded and your money... puff!
You can still use xhost but you have to trust the host (that is the machine and any potential user of that machine) to which you assign privileges.
Quote:
Originally Posted by kumawat10
So if there r many ssh sessions from different PC's to a single PC, will all the PC's need to give different DISPLAY address or the same will do??
Nope. The local display (that is the screen in front of you) is unique and the DISPLAY environment variable is assigned from the X server whenever you login (or autologin) into the graphic environment.
On the other hand a remote display (e.g. I connect to your machine through ssh with -X option to run a program on your machine and see it on the screen in front of me) is assigned from the client application (ssh in my example) and can vary, but in this case it simply means that your unique and personal DISPLAY is forwarded somewhere else.
In other words the DISPLAY once assigned doesn't change until you close the connection to the X server (that is until you log off the graphical environment).
Last edited by colucix; 12-15-2011 at 05:36 AM.
Reason: English language
And once again, the really basic level explanation.
The graphic system on Unix-style boxes uses a server/client configuration, known generally as the X Window System.
The X "server" is the part that runs on the local machine, supports and communicates with the video card (or cards), and handles the graphics on the screen(s) attached to it. The server also manages the input from the local keyboard, mouse, and other peripherals like (drawing) tablets and touch-screens.
The "clients" are the cgi programs you run. They connect to a running X server (either on the same system or over a network) and then that server draws the windows for them on its local screen(s), and sends input from its local input devices back to the program.
And so, as explained before, the "DISPLAY" variable is where you specify which server, on which host, and which screen, the client windows should appear on. On the local machine you only need to provide the number of the server and screen (if more than one), but for network connections you also need to specify the host name or address its located on.
Aw, shucks. I just figured that the newbie probably needed the real concept-level basics first, since the X client/server concept can be a bit confusing to understand.
Then he can go back and read your posts for more detail on how it all operates.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.