On Mon, Jan 26, 2004 at 12:01:04PM +0200, Nadav Har'El wrote: > You may be surprised that root can't do something that an ordinary user > can, but X-Windows authentication actually works differently from the > ordinary Unix permission model, because it is aimed to work across hosts, > not just on one host. The usual X authorization setup (verbosely called > MIT-MAGIC-COOKIE-1) is that the X server chooses a random string and puts > it in a file in your home directory (~/.Xauthority). Now, every time you > run an X Windows program it reads that string and sends it to the X server, > as a proof it is running under your account (this file is unreadable to > others). If you want to run X programs from other accounts (on this, or a > different machine), including the root account, you'll need to transfer the > authentication string, usually with the xauth(1) command. For root, there's > an easier workaround: try running > > HOME=/home/aamehl xev
More direct (and safe for setting permanently for the session): XAUTHORITY=/home/aamehl/.Xauthority However in /etc/pam.d/su of at least redhat and mandrake (but not debian) you'll find: session optional /lib/security/pam_xauth.so pam_xauth "forwards" those settings transparantly (though to the user's main .Xauthority file and not to a separate file, like ssh does). But then again, when you look at the cookie (from the output of 'xauth l'): your.hostname:0 MIT-MAGIC-COOKIE-1 67ef3aff1412b23fd091996bbc74d97c So when the hostname changes the cookie no longer matches. -- Tzafrir Cohen +---------------------------+ http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend| mailto:[EMAIL PROTECTED] +---------------------------+ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
