LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-14-2011, 05:17 AM   #1
kumawat10
LQ Newbie
 
Registered: Aug 2011
Posts: 28

Rep: Reputation: Disabled
Smile Zenity


Hello everyone..

I recently used zenity to send popup's to other machines after logging into their machines using ssh.. I had some problems initially but it was all sorted out from the net.. Now I know that I have to perform 2 steps to the other user's login (using ssh) for zenity to work.. I do the following

export DISPLAY=:0.0
xhost +@localhost

Now it all runs fine but the problem is that I still dont know the meaning of the above 2 steps... Please someone let me know why we need to do it..

Thanks..
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 12-14-2011, 06:11 AM   #2
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
The first line is mandatory if you want to display the pop-up on the remote desktop. When you login through ssh without options, the environment variable DISPLAY is not set and if you use option -X the DISPLAY is set to your local machine (the computer from which you establish the connection).

The second line is to accept X connections from other users on a specific machine. Every user has its own .ICEauthority file that contains the so-called MIT-MAGIC-COOKIE. Every incoming connection to the X server is matched or unmatched against the MIT-MAGIC-COOKIE to establish if the requesting user has the authority to use your desktop. The line
Code:
xhost +@localhost
enables all the incoming connection from the specified machine (in this case localhost). The @ symbol is there only for backward compatibility with previous X server: it ensures the specified host is in the nis family, otherwise it is assumed to be an internet address (quoted from man xhost).

Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.

Last edited by colucix; 12-14-2011 at 06:12 AM. Reason: Added note
 
2 members found this post helpful.
Old 12-14-2011, 08:09 AM   #3
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian + kde 4 / 5
Posts: 6,834

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Or the quick and basic explanation:

The X server that controls the graphics display is owned by the user that started the session, and other users and systems are not allowed to connect to it by default (not even root can do it). Adding a name to xhost is one way to give a user permission to connect; a fast and easy way, but not particularly secure.

In addition, each running X session has a given DISPLAY address. This address needs to be set in the connecting user's environment, or else manually passed to the program being run, so that it knows which X session it's supposed to connect to.
 
1 members found this post helpful.
Old 12-15-2011, 12:18 AM   #4
kumawat10
LQ Newbie
 
Registered: Aug 2011
Posts: 28

Original Poster
Rep: Reputation: Disabled
Thanks David and Colucix for yr valuable replies..
but I, being a newbie, wasnt able to understand some parts of yr suggestions like the following..

Quote:
The second line is to accept X connections from other users on a specific machine.
What exactly is this X connection thing?

Quote:
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security.
Why is this so??

Quote:
In addition, each running X session has a given DISPLAY address.
So if there r many ssh sessions from different PC's to a single PC, will all the PC's need to give different DISPLAY address or the same will do??

Thanks again!!
 
Old 12-15-2011, 04:11 AM   #5
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
Quote:
Originally Posted by kumawat10 View Post
What exactly is this X connection thing?
Every time you see X in the documentation, it refers to the graphical environment (opposite to the console which is the text based interface). X is the graphic server that runs underneath every desktop manager. Nowadays the X.org server is widespread in the majority of the Linux distributions (you can check the package xorg-x11-server-Xorg or a similar name to see what release is installed on your system).

Establishing a X connection is therefore related to the communication between a client software (e.g. zenity) that relies on the X server to work properly (in practice it must create a window on your desktop). The client asks for authorization to use the graphic display and the X server accepts or refuses connections according to the user's policy.
Quote:
Originally Posted by kumawat10 View Post
Note that as a general assumption, the xhost+ method to enable incoming connections without specific authorization is not a good idea in terms of security. Why is this so??
Basically, if someone gain access to your display with malicious intentions, he can even see your screen or read your keystrokes and your mouse actions. What if you digit your 256-characters strong password to access your on-line banking? Every keystroke can be recorded and your money... puff!

You can still use xhost but you have to trust the host (that is the machine and any potential user of that machine) to which you assign privileges.
Quote:
Originally Posted by kumawat10 View Post
So if there r many ssh sessions from different PC's to a single PC, will all the PC's need to give different DISPLAY address or the same will do??
Nope. The local display (that is the screen in front of you) is unique and the DISPLAY environment variable is assigned from the X server whenever you login (or autologin) into the graphic environment.

On the other hand a remote display (e.g. I connect to your machine through ssh with -X option to run a program on your machine and see it on the screen in front of me) is assigned from the client application (ssh in my example) and can vary, but in this case it simply means that your unique and personal DISPLAY is forwarded somewhere else.

In other words the DISPLAY once assigned doesn't change until you close the connection to the X server (that is until you log off the graphical environment).

Last edited by colucix; 12-15-2011 at 06:36 AM. Reason: English language
 
1 members found this post helpful.
Old 12-15-2011, 08:32 AM   #6
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian + kde 4 / 5
Posts: 6,834

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
And once again, the really basic level explanation.

The graphic system on Unix-style boxes uses a server/client configuration, known generally as the X Window System.

The X "server" is the part that runs on the local machine, supports and communicates with the video card (or cards), and handles the graphics on the screen(s) attached to it. The server also manages the input from the local keyboard, mouse, and other peripherals like (drawing) tablets and touch-screens.

The "clients" are the cgi programs you run. They connect to a running X server (either on the same system or over a network) and then that server draws the windows for them on its local screen(s), and sends input from its local input devices back to the program.

And so, as explained before, the "DISPLAY" variable is where you specify which server, on which host, and which screen, the client windows should appear on. On the local machine you only need to provide the number of the server and screen (if more than one), but for network connections you also need to specify the host name or address its located on.
 
2 members found this post helpful.
Old 12-15-2011, 09:06 AM   #7
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
Quote:
Originally Posted by David the H. View Post
And once again, the really basic level explanation.
David, your ability to synthesize is awesome!
 
Old 12-15-2011, 11:28 AM   #8
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian + kde 4 / 5
Posts: 6,834

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Aw, shucks. I just figured that the newbie probably needed the real concept-level basics first, since the X client/server concept can be a bit confusing to understand.

Then he can go back and read your posts for more detail on how it all operates.
 
Old 12-16-2011, 11:56 PM   #9
kumawat10
LQ Newbie
 
Registered: Aug 2011
Posts: 28

Original Poster
Rep: Reputation: Disabled
Thanks a lot to both of u.. and David, really u explain in an awesome manner!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Zenity progress bar mard0 Programming 3 09-22-2012 03:19 PM
[SOLVED] Zenity + kill PID Tryum Linux - General 5 02-23-2011 08:33 AM
zenity editable list help technononsense Programming 1 07-22-2010 09:36 PM
[SOLVED] Zenity on Solaris vikas027 Programming 3 02-21-2010 04:02 PM
Shell script using zenity sandsterother Programming 1 02-14-2008 02:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration