On 09/22/2017 05:10 AM, Didier Kryn wrote:
Le 22/09/2017 à 01:32, Arnt Karlsen a écrit :
You can probably justify 'xhost +' if this is one of those
I'm-the-only-user machines. Thank Ghu, remote network access to the X
server is no longer enabled by default on Linux hosts. (The right way
to do remote X11, IMO, is via 'ssh -yu...@example.com', thereby
forwarding X11 across the authenticated ssh tunnel.)
One can argue that you should use 'ssh -Y' even locally so you get out
of the habit of using 'xhost +'. I won't argue that, but will just
put it out there.
..my prefecence was the -X option: ssh -X root@localhost
until Debian killed it with some new policy.
AFAIR, ssh -Y is used for backward compatibility with old software
(like libroot), but, normally, -X is enough.
I don't know how one can prevent you from running ssh -X
root@localhost . Permission to do so is set/unset in
/etc/ssh/sshd_config .
But gksu or gksudo do not require ssh at all.
You can also do this, assuming your original user is "user":
XAUTHORITY=~user/.Xauthority
export XAUTHORITY
DISPLAY=:0.0
export DISPLAY
and use x with that. You don't add permissions, and there is no need to
use ssh to forward localhost connections. If XAUTHORITY is missing, you
need xauth installed, but that should already be there if you have ssh
and X anyway. root should have permission to read ~user/.Xauthority
unless you are using a non local home directory.
--
Héctor González
ca...@genac.org
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
