On Wed, Mar 14, 2001 at 09:56:49AM +0900, Joongul Lee wrote: > I was told that it is more secure to have > > export XAUTHORITY=$HOME/.Xauthority > > executed in one of the initialization scripts (I have it in ~/.bashrc)
Yes, because that stops other users on the same machine from getting in. If you explicitly want any user on the local machine to be able to access your X server, then xhost is the way to go. To use X authority to allow only a specific other user, you run xauth list while logged in as the user that started the server. Cut and paste the MIT-magic-cookie into a shell that's logged in as the other user. run xauth add displayname protocolname hexkey (the displayname will be :0.0 for the local machine, protocol will be mit-magic-cookie, and hexkey is the random code.) see xauth(1). The example it lists is: xauth extract - $DISPLAY | rsh otherhost xauth merge - Also see X(7), and the section on ACCESS CONTROL. Magic cookies can be eaten by people sniffing your network. (as far as I can tell, they are sent in plaintext). -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
