View previous topic :: View next topic |
Author |
Message |
sinisterdomestik l33t
Joined: 28 Aug 2003 Posts: 685 Location: Texas
|
Posted: Wed Oct 29, 2003 5:06 pm Post subject: cant open display as root |
|
|
so i did su - and tried to run gtoaster and i got this error
Code: |
Xlib: connection to ":0.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Gtk-WARNING **: cannot open display: :0.0
|
then i tried su root and got the same thing, i also tried just su and still get the same exact error. what i dont understand is why it wont let me open it as root, but it will let me open it as a regular user. i also tried this and then su again and got this
Code: |
export DISPLAY=localhost:0.0
|
Code: |
Xlib: connection to "localhost:0.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
Gtk-WARNING **: cannot open display: localhost:0.0
|
any help would be greatly appreciated so that i can start configuring different apps _________________ Thou shalt NEVER speak of removing thine Linux |
|
Back to top |
|
|
Bonkie Guru
Joined: 28 Oct 2002 Posts: 501 Location: Antwerpen, Belgium
|
Posted: Wed Oct 29, 2003 5:21 pm Post subject: |
|
|
X is run as your normal user, so if you want to run apps as root, you can:
a) login or start X as root (not recommended)
b) use the xhost command for opening connections to X for other users/computers
make so that all connections are accepted. - turns it off. But you can specify user and/or computer as well, take a look at the help. _________________ "I would say we have a 50% chance of survival, but I consider myself an optimist so I'll give us 50,5% ..."
~ Arthur C. Clarke [Physics PHD,SF Writer], when asked about the chances of the human race's survival |
|
Back to top |
|
|
sinisterdomestik l33t
Joined: 28 Aug 2003 Posts: 685 Location: Texas
|
Posted: Wed Oct 29, 2003 5:27 pm Post subject: |
|
|
that worked like a charm, thank you so much _________________ Thou shalt NEVER speak of removing thine Linux |
|
Back to top |
|
|
grant.mcdorman Apprentice
Joined: 29 Jan 2003 Posts: 295 Location: Toronto, ON, Canada
|
Posted: Wed Oct 29, 2003 6:08 pm Post subject: |
|
|
Bonkie wrote: | X is run as your normal user, so if you want to run apps as root, you can:
a) login or start X as root (not recommended)
b) use the xhost command for opening connections to X for other users/computers
make so that all connections are accepted. - turns it off. But you can specify user and/or computer as well, take a look at the help. | xhost is bad; doing this is an enormous security risk - it allows anyone with access to your network to snoop on everything that's happening on your display, including keystrokes - i.e. one can grab passwords. If I were a sysadmin I'd be strongly tempted to physically remove xhost from the systems under my control.
Instead, for root on the same system either, before su'ing, do: Code: | export XAUTHORITY=~/.Xauthority | or, as root, this: Code: | DISPLAY=:0;export DISPLAY
XAUTHORITY=~`cat /var/run/console.lock`/.Xauthority
export XAUTHORITY
# force ~name to be expanded
XAUTHORITY=`sh -c "echo $XAUTHORITY"` |
(There is code in PAM that attempts to give root X access when you su, but it only works if XAUTHORITY is set.)
For other users or root on remote systems, do this as the user "owning" the display: Code: | xauth nextract - $DISPLAY | and copy and paste the output to the user to be given access: Code: | xauth nmerge -
(paste here)
^D |
You can also extract to a file (replace the - with the filename). If the user needing access isn't local, replace $DISPLAY with `hostname`:0.
Interestingly, sudo does not have this problem. |
|
Back to top |
|
|
turtlendog Tux's lil' helper
Joined: 31 Jan 2004 Posts: 107 Location: East AZ
|
Posted: Sat Feb 28, 2004 6:13 am Post subject: Thanks |
|
|
Thanks for a thoughtful and precise answer to this question. Your post was exactly what I needed. |
|
Back to top |
|
|
timaios n00b
Joined: 20 Mar 2004 Posts: 14
|
Posted: Mon Mar 29, 2004 6:27 pm Post subject: |
|
|
grant.mcdorman wrote: | Bonkie wrote: | X is run as your normal user, so if you want to run apps as root, you can:
a) login or start X as root (not recommended)
b) use the xhost command for opening connections to X for other users/computers
make so that all connections are accepted. - turns it off. But you can specify user and/or computer as well, take a look at the help. | xhost is bad; doing this is an enormous security risk - it allows anyone with access to your network to snoop on everything that's happening on your display, including keystrokes - i.e. one can grab passwords. If I were a sysadmin I'd be strongly tempted to physically remove xhost from the systems under my control.
Instead, for root on the same system either, before su'ing, do: Code: | export XAUTHORITY=~/.Xauthority | or, as root, this: Code: | DISPLAY=:0;export DISPLAY
XAUTHORITY=~`cat /var/run/console.lock`/.Xauthority
export XAUTHORITY
# force ~name to be expanded
XAUTHORITY=`sh -c "echo $XAUTHORITY"` |
(There is code in PAM that attempts to give root X access when you su, but it only works if XAUTHORITY is set.)
For other users or root on remote systems, do this as the user "owning" the display: Code: | xauth nextract - $DISPLAY | and copy and paste the output to the user to be given access: Code: | xauth nmerge -
(paste here)
^D |
You can also extract to a file (replace the - with the filename). If the user needing access isn't local, replace $DISPLAY with `hostname`:0.
Interestingly, sudo does not have this problem. |
ok, what about "xhost + 127.0.0.1" ?
is it unsecure? |
|
Back to top |
|
|
Spooky Ghost Apprentice
Joined: 19 Apr 2002 Posts: 210 Location: Bristol, United Kingdom
|
Posted: Mon Mar 29, 2004 9:36 pm Post subject: |
|
|
Quote: | ok, what about "xhost + 127.0.0.1" ?
is it unsecure?
|
It allows any connections to the X server from the localhost, if you are on a multi user system it is potentially insecure, e.g. another user pops up a dialogue prompting for your password. If it's a single user system then this shouldn't be a problem. |
|
Back to top |
|
|
grant.mcdorman Apprentice
Joined: 29 Jan 2003 Posts: 295 Location: Toronto, ON, Canada
|
Posted: Mon Mar 29, 2004 11:13 pm Post subject: |
|
|
Spooky Ghost wrote: | Quote: | ok, what about "xhost + 127.0.0.1" ?
is it unsecure?
|
It allows any connections to the X server from the localhost, if you are on a multi user system it is potentially insecure, e.g. another user pops up a dialogue prompting for your password. If it's a single user system then this shouldn't be a problem. | Exactly. Note, by the way, that you can do The result is the same but it's a little more friendly than 127.0.0.1.
Unless, of course, someone's compromised your /etc/hosts file
Mind you, turning off security is wonderful for running xroach or groach - on someone else . |
|
Back to top |
|
|
Kraymer Guru
Joined: 27 Aug 2003 Posts: 349 Location: Germany
|
Posted: Tue Mar 30, 2004 1:31 pm Post subject: kdesu is your man! |
|
|
I've been very annoyed by X not allowing root apps. For example, I logged out, logged in as root, started k3dsetup, logged in as user again..
I hadn't the xhost idea but I found kdesu which just allows what you need. A dialog will pop up and ask for root password, then it just works. I think it's the same program that allows you (root-based) system administration in kcontrol
Sebastian |
|
Back to top |
|
|
mlybarger Guru
Joined: 04 Sep 2002 Posts: 475
|
Posted: Fri Apr 30, 2004 8:56 am Post subject: |
|
|
i've used xhost for quite a while to allow root to have access to open windows apps on my machine. xhost localhost use to work nice up till recently. now it doesn't work and i must use this XAUTHORITY trick to get apps to start after su'ing to root. then it works fine.
is there a setting that has probably changed recently that doesn't allow xhost to work with root apps or some such? i only have a single user system (asside from the users needed to run stuf), so i haven't checked other users.
if there is a setting change i'd like to change it back. the xhost would last as long as i was logged in (log out and i have to re do the xhost when i want to start root x apps). but with exporting the XAUTHORITY i have to do it for each xterm session i have open. guess one way around it is to put that export in my .bash_profile or some such. but really i'd like to use xhost again..
help!?! |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
|
Back to top |
|
|
|