X access control - X

This is a discussion on X access control - X ; Hello How can I enable applications from localhost to be run on user's display. I have to execute "xhost +localhost" everytime I start a user's session. I put the following into user's ~/.bash_profile: export DISPLAY=:0.0 [ "$DISPLAY" != "" ] ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: X access control

  1. X access control

    Hello

    How can I enable applications from localhost to be run on user's
    display.
    I have to execute "xhost +localhost" everytime I start a user's
    session.

    I put the following into user's ~/.bash_profile:
    export DISPLAY=:0.0
    [ "$DISPLAY" != "" ] && xhost +

    but it takes long time to log on whne X server is not running.

    Is there any system wide file of where I can disable access control
    for localhost.
    If not how can I configure it correctly ?

    thank You for help

  2. Re: X access control

    Witek Jarnas staggered into the Black Sun and said:
    > How can I enable applications from localhost to be run on user's
    > display? I have to execute "xhost +localhost" everytime I start a
    > user's session.


    Are you *sure* you're doing it right? Most X servers are started with
    "-nolisten tcp" these days. The syntax you use now is "xhost +local:",
    which allows X clients on machine1 to connect to the X socket in
    /tmp/.X11-unix/ on machine1.

    > export DISPLAY=:0.0 ; [ "$DISPLAY" != "" ] && xhost +


    That's not right either. "xhost +" removes all access control, which is
    a Very Bad Idea if your X server is listening for TCP.

    > but it takes [a] long time to log on [when the] X server is not
    > running. Is there any system wide file of where I can disable access
    > control for localhost?


    No.

    > If not, how can I configure it correctly ?


    See first paragraph. In my tests, a user who does not have access to :0
    , sets DISPLAY to :0, and does "xhost +local:" sees the command return
    with an error message in < 1 second.

    --
    I will rule you all with my iron fist. YOU! Obey the fist!
    --Invader Zim
    My blog and resume: http://crow202.dyndns.org:8080/wordpress/
    Matt G|There is no Darkness in Eternity/But only Light too dim for us to see

  3. Re: X access control

    Dances With Crows :
    > Witek Jarnas staggered into the Black Sun and said:
    > > How can I enable applications from localhost to be run on user's
    > > display? I have to execute "xhost +localhost" everytime I start a
    > > user's session.

    >
    > Are you *sure* you're doing it right? Most X servers are started with
    > "-nolisten tcp" these days. The syntax you use now is "xhost +local:",
    > which allows X clients on machine1 to connect to the X socket in
    > /tmp/.X11-unix/ on machine1.


    Thank you. That got xconsole back working correctly. I've missed
    that a lot!

    > See first paragraph. In my tests, a user who does not have access to :0
    > , sets DISPLAY to :0, and does "xhost +local:" sees the command return
    > with an error message in < 1 second.


    As X Window logged in user:

    xhost +local:

    As another user on that same box:

    export DISPLAY=":0.0" # quotes are likely unnecessary.
    someXcommand &

    Works with root, at least. Thank you!


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

+ Reply to Thread