Citējot Billy Wilson <billy_wil...@byu.edu>:
Hi,
I have a question about using Xvfb securely on a multi-user system.
We are currently using xorg-x11-server-Xvfb-1.10.4-6.el6.x86_64. Our
main reason for using Xvfb is to accommodate one of our users, whose
scientific computing software requires an X server for some reason.
My concern is that if the non-privileged user runs the following:
`Xvfb :1 -screen 0 800x600x24+1`
probably You cant start it without TCP protocol
$ Xvfb :1 -screen 0 800x600x24+1 -nolisten tcp
and after successful start restrict the socket file
$ chmod 0600 /tmp/.X11-unix/X1
Any user on the system is able to export DISPLAY=:1 and run programs
that connect to his dummy X server. I'm aware of auth file and xhost
mechanisms for access control, but I was wondering how I can have
Xvfb restrict connections strictly to the user, by default.
In other words: How can I prevent an uninformed user from using the
Xvfb defaults and opening X to the world?
Thanks,
Billy Wilson
_______________________________________________
xorg@lists.x.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: http://lists.x.org/mailman/listinfo/xorg
Your subscription address: %(user_address)s
