Hello everyone..

I recently used zenity to send popup's to other machines after logging into their machines using ssh.. I had some problems initially but it was all sorted out from the net.. Now I know that I have to perform 2 steps to the other user's login (using ssh) for zenity to work.. I do the following

export DISPLAY=:0.0
xhost +@localhost

Now it all runs fine but the problem is that I still dont know the meaning of the above 2 steps... Please someone let me know why we need to do it..

Thanks..

The first line is mandatory if you want to display the pop-up on the remote desktop. When you login through ssh without options, the environment variable DISPLAY is not set and if you use option -X the DISPLAY is set to your local machine (the computer from which you establish the connection).

The second line is to accept X connections from other users on a specific machine. Every user has its own .ICEauthority file that contains the so-called MIT-MAGIC-COOKIE. Every incoming connection to the X server is matched or unmatched against the MIT-MAGIC-COOKIE to establish if the requesting user has the authority to use your desktop. The line
enables all the incoming connection from the specified machine (in this case localhost). The @ symbol is there only for backward compatibility with previous X server: it ensures the specified host is in the nis family, otherwise it is assumed to be an internet address (quoted from man xhost).

Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.

2 members found this post helpful.

Or the quick and basic explanation:

The X server that controls the graphics display is owned by the user that started the session, and other users and systems are not allowed to connect to it by default (not even root can do it). Adding a name to xhost is one way to give a user permission to connect; a fast and easy way, but not particularly secure.

In addition, each running X session has a given DISPLAY address. This address needs to be set in the connecting user's environment, or else manually passed to the program being run, so that it knows which X session it's supposed to connect to.

1 members found this post helpful.

Thanks David and Colucix for yr valuable replies..
but I, being a newbie, wasnt able to understand some parts of yr suggestions like the following..

What exactly is this X connection thing?

Why is this so??

So if there r many ssh sessions from different PC's to a single PC, will all the PC's need to give different DISPLAY address or the same will do??

Thanks again!!

Every time you see X in the documentation, it refers to the graphical environment (opposite to the console which is the text based interface). X is the graphic server that runs underneath every desktop manager. Nowadays the X.org server is widespread in the majority of the Linux distributions (you can check the package xorg-x11-server-Xorg or a similar name to see what release is installed on your system).

Establishing a X connection is therefore related to the communication between a client software (e.g. zenity) that relies on the X server to work properly (in practice it must create a window on your desktop). The client asks for authorization to use the graphic display and the X server accepts or refuses connections according to the user's policy.
Basically, if someone gain access to your display with malicious intentions, he can even see your screen or read your keystrokes and your mouse actions. What if you digit your 256-characters strong password to access your on-line banking? Every keystroke can be recorded and your money... puff!

You can still use xhost but you have to trust the host (that is the machine and any potential user of that machine) to which you assign privileges.
Nope. The local display (that is the screen in front of you) is unique and the DISPLAY environment variable is assigned from the X server whenever you login (or autologin) into the graphic environment.

On the other hand a remote display (e.g. I connect to your machine through ssh with -X option to run a program on your machine and see it on the screen in front of me) is assigned from the client application (ssh in my example) and can vary, but in this case it simply means that your unique and personal DISPLAY is forwarded somewhere else.

In other words the DISPLAY once assigned doesn't change until you close the connection to the X server (that is until you log off the graphical environment).

1 members found this post helpful.

And once again, the really basic level explanation.

The graphic system on Unix-style boxes uses a server/client configuration, known generally as the X Window System.

The X "server" is the part that runs on the local machine, supports and communicates with the video card (or cards), and handles the graphics on the screen(s) attached to it. The server also manages the input from the local keyboard, mouse, and other peripherals like (drawing) tablets and touch-screens.

The "clients" are the cgi programs you run. They connect to a running X server (either on the same system or over a network) and then that server draws the windows for them on its local screen(s), and sends input from its local input devices back to the program.

And so, as explained before, the "DISPLAY" variable is where you specify which server, on which host, and which screen, the client windows should appear on. On the local machine you only need to provide the number of the server and screen (if more than one), but for network connections you also need to specify the host name or address its located on.

2 members found this post helpful.

David, your ability to synthesize is awesome!

Aw, shucks. I just figured that the newbie probably needed the real concept-level basics first, since the X client/server concept can be a bit confusing to understand.

Then he can go back and read your posts for more detail on how it all operates.

Thanks a lot to both of u.. and David, really u explain in an awesome manner!!