https://bugzilla.novell.com/show_bug.cgi?id=538064 https://bugzilla.novell.com/show_bug.cgi?id=538064#c37 --- Comment #37 from Dr. Werner Fink <werner@novell.com> 2010-09-28 15:31:46 UTC --- man 7 security: [...] localuser & localgroup On systems which can determine in a secure fashion the creden- tials of a client process, the "localuser" and "localgroup" authentication methods provide access based on those creden- tials. The format of the values provided is platform specific. For POSIX & UNIX platforms, if the value starts with the charac- ter '#', the rest of the string is treated as a decimal uid or gid, otherwise the string is defined as a user name or group name. If your system supports this method and you use it, be warned that some programs that proxy connections and are setuid or set- gid may get authenticated as the uid or gid of the proxy pro- cess. For instance, some versions of ssh will be authenticated as the user root, no matter what user is running the ssh client, so on systems with such software, adding access for localuser:root may allow wider access than intended to the X display. .. what happend about forwarded X11 and TCP connections by ssh/sshd? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.