RE: [suse-linux-uk-schools] wont run as root
I disagree there -- it would almost certainly create a bigger overhead on the system.
I concede to you on that one for a loopback connection. But read on ...
One trick I use (for remote systems) is:
X -query <IP>
trick on my server so that I can connect locally to it.
I am assuming that you have already enabled XDMCP on your X client (i.e. the remote machine to which you want to make the connection). Sorry, but the jargon is all counter-intuitive. Your earlier comment about overheads comes back to haunt you here, though, as well as the introduction of potential security breaches: 1. Network traffic when you start up your remote X server with X -query 192.168.x.y :1 is quite considerable. 2. There is no reliable security governing the connection between your X server and the remote client whose session you are using. Consider again my ssh connection: 1. There is much less network traffic, as only the process actually engaged and ssh itself is causing any. 2. Ssh provides a high level of data encryption at both ends of the conversation. 3. There is absolutely no need to open up XDMCP at all to allow this to happen. 4. In most cases, the root user is debarred from attaching across a LAN using XDMCP because of the inherent security risk.
You neglect to say *what* failed, and how. I'd be interested in this.
Sorry - I don't know what failed - the previous correspndent provided some error messages, but they were not enough for me to determine exactly where the failure occurred and I do not have the time to replicate his problem.
to manage resources on remote stations on the network.) I have also in the past used Thomas's 'magic-cookie' solution, but it proves more tricky than the one I favour.
How's that? If you don't like xauth (grin)
Just a less elegant command line. With the xauth solution you have to su first, then I suppose you could concoct a more elegant command line along the lines of export DISPLAY=localhost:0.0 && xauth merge ~user/.Xauthority && /usr/local/bin/executable.to.run (all one line, whatever your mailer does to render it!!) Just plug ugly. But I do accept that the overhead is lower for a loopback connection. , the "sudo" is an even
simpler means, in my opinion.
Possibly, eventually, after setting up the appropriate section in sudoers and still not really as secure a connection as the ssh one - but maybe I am too hung up on security. I'm listening ... -- Email: aray@computerpark.co.uk --------------------------------------------------------- This private and confidential e-mail has been sent to you by Computer Park Ltd. If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox. Email: mailbox@computerpark.co.uk Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566 Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA Registered in England: 3022961. Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL =========================================================
Andrew RAY said:
I disagree there -- it would almost certainly create a bigger overhead on the system.
I concede to you on that one for a loopback connection. But read on ...
One trick I use (for remote systems) is:
X -query <IP>
trick on my server so that I can connect locally to it.
I am assuming that you have already enabled XDMCP on your X client (i.e. the remote machine to which you want to make the connection). Sorry, but the jargon is all counter-intuitive. Your earlier comment about overheads comes back to haunt you here, though, as well as the introduction of potential security breaches:
1. Network traffic when you start up your remote X server with
X -query 192.168.x.y :1
is quite considerable.
2. There is no reliable security governing the connection between your X server and the remote client whose session you are using.
Consider again my ssh connection:
1. There is much less network traffic, as only the process actually engaged and ssh itself is causing any.
2. Ssh provides a high level of data encryption at both ends of the conversation.
3. There is absolutely no need to open up XDMCP at all to allow this to happen.
4. In most cases, the root user is debarred from attaching across a LAN using XDMCP because of the inherent security risk.
You neglect to say *what* failed, and how. I'd be interested in this.
Sorry - I don't know what failed - the previous correspndent provided some error messages, but they were not enough for me to determine exactly where the failure occurred and I do not have the time to replicate his problem.
What failed? This was the whole piont of the thread. When I tried to run the OOo install from command line as su with borrowed uid I get the error: ./setup: cannot connect to X server But Andrew and Thomas have both failed to try and help work out a solution. Instead they basicly argue over who knows more about linux and who knows how to do something unrealted to the problem. Could we please get back to the question at hand? Now that I have OOo install, whenever I try and run I get this error: cannot be started due to an error accessing the configuration data. Please contact your system administrator. The following internal error has occurred: GetStorage, name:"No Content! Does anyone have a clue what may be going wrong?
to manage resources on remote stations on the network.) I have also in the past used Thomas's 'magic-cookie' solution, but it proves more tricky than the one I favour.
How's that? If you don't like xauth (grin)
Just a less elegant command line. With the xauth solution you have to su first, then I suppose you could concoct a more elegant command line along the lines of
export DISPLAY=localhost:0.0 && xauth merge ~user/.Xauthority && /usr/local/bin/executable.to.run
(all one line, whatever your mailer does to render it!!)
Just plug ugly. But I do accept that the overhead is lower for a loopback connection.
, the "sudo" is an even
simpler means, in my opinion.
Possibly, eventually, after setting up the appropriate section in sudoers and still not really as secure a connection as the ssh one - but maybe I am too hung up on security.
I'm listening ...
-- Email: aray@computerpark.co.uk
---------------------------------------------------------
This private and confidential e-mail has been sent to you by Computer Park Ltd.
If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox.
Email: mailbox@computerpark.co.uk
Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566
Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA
Registered in England: 3022961.
Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL
=========================================================
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Andrew RAY said:
What failed? This was the whole piont of the thread. When I tried to run the OOo install from command line as su with borrowed uid I get the error:
./setup: cannot connect to X server
But Andrew and Thomas have both failed to try and help work out a solution. Instead they basicly argue over who knows more about linux and who knows how to do something unrealted to the problem. Could we please get back to the question at hand? Now that I have OOo install, whenever I try and run I get this error:
*cough* && export rant=1 Andrew, I am suprised at you! I have helped you out on more than one occassion, often describing your problem in greater detail than you anticipated. Don't come here all high and mighty thinking that people on this list owe you -- WE DON'T. All we do is try and offer help where necessary. Andrew Ray and myself discussed your problem, came to four very different and effective solutions, and then went on to discuss some of the more interesting features of them. Had you have READ our replies, you'd have realised that. -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Andrew RAY said:
What failed? This was the whole piont of the thread. When I tried to run the OOo install from command line as su with borrowed uid I get the error:
./setup: cannot connect to X server
But Andrew and Thomas have both failed to try and help work out a solution. Instead they basicly argue over who knows more about linux and who knows how to do something unrealted to the problem. Could we please get back to the question at hand? Now that I have OOo install, whenever I try and run I get this error:
*cough* && export rant=1
Andrew, I am suprised at you! I have helped you out on more than one occassion, often describing your problem in greater detail than you anticipated. Don't come here all high and mighty thinking that people on this list owe you -- WE DON'T. All we do is try and offer help where necessary.
I know you've help me and i appreciate that. I didnt mean to say you owe me. Sorry if it sounded like that.
Andrew Ray and myself discussed your problem, came to four very different and effective solutions, and then went on to discuss some of the more interesting features of them. Had you have READ our replies, you'd have realised that.
I did read your replies. Your solutions may have been different not none were really effective. I had to log out and log back in as root. As it turned out all I had to do was type sux instead of su. Which meant I didnt to log out in the first place. All your answers were long winded, and ineffective. How was it that you failed to mention that sux would do what I needed it to?
-- Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Andrew RAY said:
What failed? This was the whole piont of the thread. When I tried to run the OOo install from command line as su with borrowed uid I get the error:
./setup: cannot connect to X server
But Andrew and Thomas have both failed to try and help work out a solution. Instead they basicly argue over who knows more about linux and who knows how to do something unrealted to the problem. Could we please get back to the question at hand? Now that I have OOo install, whenever I try and run I get this error:
*cough* && export rant=1
Andrew, I am suprised at you! I have helped you out on more than one occassion, often describing your problem in greater detail than you anticipated. Don't come here all high and mighty thinking that people on this list owe you -- WE DON'T. All we do is try and offer help where necessary.
I know you've help me and i appreciate that. I didnt mean to say you owe me. Sorry if it sounded like that.
Hmm. If you are struggling with Linux, read: "Running Linux", published by O'reilly. It's obvious that you should.
Andrew Ray and myself discussed your problem, came to four very different and effective solutions, and then went on to discuss some of the more interesting features of them. Had you have READ our replies, you'd have realised that.
I did read your replies. Your solutions may have been different not none were really effective. I had to log out and log back in as root. As it turned out all I had to do was type sux instead of su. Which meant I didnt to log out in the first place. All your answers were long winded, and ineffective. How was it that you failed to mention that sux would do what I needed it to?
This comes down to a contextual issue. All I and Andrew did was take your question AS you had described it. In that case, I knew that there were 4 alternatives and actually the "su - -c'export DISPLAY=:0.0 && this_command'" suggestion is all that "xsu" is doing. Your lack of information in that instance is all too apparant. Furtermore, might I make a suggestion to people to have a look through the suse-uk-schools archives -- I've been seeing a lot of repetitive questions. Thanks, Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Andrew RAY said:
What failed? This was the whole piont of the thread. When I tried to run the OOo install from command line as su with borrowed uid I get the error:
./setup: cannot connect to X server
But Andrew and Thomas have both failed to try and help work out a solution. Instead they basicly argue over who knows more about
try and run I get this error:
*cough* && export rant=1
Andrew, I am suprised at you! I have helped you out on more than one occassion, often describing your problem in greater detail than you anticipated. Don't come here all high and mighty thinking that
Thomas Adam said: linux and who knows how to do something unrealted to the problem. Could we please get back to the question at hand? Now that I have OOo install, whenever I people on
this list owe you -- WE DON'T. All we do is try and offer help where necessary.
I know you've help me and i appreciate that. I didnt mean to say you owe me. Sorry if it sounded like that.
Hmm. If you are struggling with Linux, read: "Running Linux", published by O'reilly. It's obvious that you should.
Ill try that.
Andrew Ray and myself discussed your problem, came to four very different and effective solutions, and then went on to discuss some of the more interesting features of them. Had you have READ our replies, you'd have realised that.
I did read your replies. Your solutions may have been different not none were really effective. I had to log out and log back in as root. As it turned out all I had to do was type sux instead of su. Which meant I didnt to log out in the first place. All your answers were long winded, and ineffective. How was it that you failed to mention that sux would do what I needed it to?
This comes down to a contextual issue. All I and Andrew did was take your question AS you had described it. In that case, I knew that there were 4 alternatives and actually the "su - -c'export DISPLAY=:0.0 && this_command'" suggestion is all that "xsu" is doing.
so why give me the long winded version when a concise one would do?
Your lack of information in that instance is all too apparant.
That may be so, but isnt this what this list is here for?
Furtermore, might I make a suggestion to people to have a look through the suse-uk-schools archives -- I've been seeing a lot of repetitive questions.
Thanks,
Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
This comes down to a contextual issue. All I and Andrew did was take your question AS you had described it. In that case, I knew that there were 4 alternatives and actually the "su - -c'export DISPLAY=:0.0 && this_command'" suggestion is all that "xsu" is doing.
so why give me the long winded version when a concise one would do?
Sigh. If you want *that* kind of support, go pay for it. The fact is, you got your answer, and Andrew and I were just discussing other things related to it.
Your lack of information in that instance is all too apparant.
That may be so, but isnt this what this list is here for?
LOL, yes, but if you don't provide enough information, how are we to effectively help you? It's like saying: "My car is broke". * How is it broke? * Does the engine start? * Does it cut out after two mins, etc. You see. We should have to generate MORE traffic on this list, just to ascertain what ought to be common facts. Remember that we can only go by what YOU tell us. We're not sat at your computer. I suggest you look here: http://www.linuxgazette.com/tag/ask-the-gang.html -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
This comes down to a contextual issue. All I and Andrew did was take your question AS you had described it. In that case, I knew that there were 4 alternatives and actually the "su - -c'export DISPLAY=:0.0 && this_command'" suggestion is all that "xsu" is doing.
so why give me the long winded version when a concise one would do?
Sigh. If you want *that* kind of support, go pay for it. The fact is, you got your answer, and Andrew and I were just discussing other things related to it.
Your lack of information in that instance is all too apparant.
That may be so, but isnt this what this list is here for?
LOL, yes, but if you don't provide enough information, how are we to effectively help you? It's like saying:
"My car is broke".
* How is it broke? * Does the engine start? * Does it cut out after two mins, etc.
I agree with, that sometimes I dont supply enough information to get a concise anwers. Also Im not sure if there was much more information I could have given you about this problem. But Andrew Ray appeard to know what I was talking about straight away. So I got the impression you would too. Then garry came out gave me a simple command and bobs your uncle. My problem was solved. With all your linux knowledge I find it hard to believe that you didnt think of this solution straight away!
You see. We should have to generate MORE traffic on this list, just to ascertain what ought to be common facts. Remember that we can only go by what YOU tell us. We're not sat at your computer.
I suggest you look here:
http://www.linuxgazette.com/tag/ask-the-gang.html
-- Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
"My car is broke".
* How is it broke? * Does the engine start? * Does it cut out after two mins, etc.
I agree with, that sometimes I dont supply enough information to get a concise anwers. Also Im not sure if there was much more information I could have given you about this problem. But Andrew Ray appeard to know what I was talking about straight away. So I got the impression you would too.
I did, suffice it to say that here was no WRONG answer. Andrew, listen to yourself.... the answers andrew and I supplied DO exactly what you want. I hardly think that typing in a command is taxing, do you? Hmm, well actually, you *did* remember to open up "xterm" BEFORE trying to type, didn't you?
Then garry came out gave me a simple command and bobs your uncle. My problem was solved. With all your linux knowledge I find it hard to believe that you didnt think of this solution straight away!
How dare you patronise me like that. Fact of the matter was, you problem has been solved LONG before the xsu answer came up -- days before. What took you so long to try one of them? Hmm? You'll be getting no more help from me. -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
"My car is broke".
* How is it broke? * Does the engine start? * Does it cut out after two mins, etc.
I agree with, that sometimes I dont supply enough information to get a concise anwers. Also Im not sure if there was much more information I could have given you about this problem. But Andrew Ray appeard to know what I was talking about straight away. So I got the impression you would too.
I did, suffice it to say that here was no WRONG answer. Andrew, listen to yourself.... the answers andrew and I supplied DO exactly what you want. I hardly think that typing in a command is taxing, do you? Hmm, well actually, you *did* remember to open up "xterm" BEFORE trying to type, didn't you?
I did everything you told me to do! And not single one of them worked! Oh and yes I did open up xterm.
Then garry came out gave me a simple command and bobs your uncle. My problem was solved. With all your linux knowledge I find it hard to believe that you didnt think of this solution straight away!
How dare you patronise me like that. Fact of the matter was, you problem has been solved LONG before the xsu answer came up -- days before. What took you so long to try one of them? Hmm?
You'll be getting no more help from me.
To be honest Thomas all the answers you have given end up being corrected by someone else. So basicly you havent really helped me at all!
-- Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
"My car is broke".
* How is it broke? * Does the engine start? * Does it cut out after two mins, etc.
I agree with, that sometimes I dont supply enough information to get a concise anwers. Also Im not sure if there was much more information I could have given you about this problem. But Andrew Ray appeard to know what I was talking about straight away. So I got the impression you would too.
I did, suffice it to say that here was no WRONG answer. Andrew, listen to yourself.... the answers andrew and I supplied DO exactly what you want. I hardly think that typing in a command is taxing, do you? Hmm, well actually, you *did* remember to open up "xterm" BEFORE trying to type, didn't you?
I did everything you told me to do! And not single one of them worked! Oh and yes I did open up xterm.
Then, alas, you must have mis-typed them? Which ones did you try? I'd like to know, please.
To be honest Thomas all the answers you have given end up being corrected by someone else. So basicly you havent really helped me at all!
I'm sorry for that. You see, as luck wouldn't have it, I don't have access to a Linux box when I reply to e-mails, hence I do everything from memory. Although, in many cases, I do correct myself, on the odd occassion. Kindly, Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
"My car is broke".
* How is it broke? * Does the engine start? * Does it cut out after two mins, etc.
I agree with, that sometimes I dont supply enough information to get a concise anwers. Also Im not sure if there was much more information I could have given you about this problem. But Andrew Ray appeard to know what I was talking about straight away. So I got the impression you would too.
I did, suffice it to say that here was no WRONG answer. Andrew,
Thomas Adam said: listen to yourself.... the answers andrew and I supplied DO exactly what you want. I hardly think that typing in a command is taxing, do you? Hmm, well actually, you *did* remember to open up "xterm" BEFORE trying to type, didn't you?
I did everything you told me to do! And not single one of them worked! Oh and yes I did open up xterm.
Then, alas, you must have mis-typed them? Which ones did you try? I'd like to know, please.
I always try every solution that is sent to me. There is a possiblility that they were typed wrongly as I often get confused when people send me solutions like: ssh -X root@localhost /path/to/the/executable/you/were/trying/to/run or: $ su - # export DISPLAY=:0.0 # xauth merge ~n6tadam/.Xauthority where "~n6tadam" is the user X is running as. Personally number 4) is much more secure. Never use number 1) unless you're mad. As I have never seen the command before I dont always know where I should put the information specific to me.
To be honest Thomas all the answers you have given end up being corrected by someone else. So basicly you havent really helped me at all!
I'm sorry for that. You see, as luck wouldn't have it, I don't have access to a Linux box when I reply to e-mails, hence I do everything from memory. Although, in many cases, I do correct myself, on the odd occassion.
Kindly,
Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
I always try every solution that is sent to me. There is a possiblility that they were typed wrongly as I often get confused when people send me solutions like:
ssh -X root@localhost /path/to/the/executable/you/were/trying/to/run
or:
$ su - # export DISPLAY=:0.0 # xauth merge ~n6tadam/.Xauthority
where "~n6tadam" is the user X is running as. Personally number 4) is much more secure. Never use number 1) unless you're mad.
As I have never seen the command before I dont always know where I should put the information specific to me.
I can think of several places, however the one that you want is "in an xterm". If you're wondering about the notation regarding "$" and "#" those are prompt signifiers. $ == NON-ROOT # == ROOT so what that is telling is: $ su - # export etc... means that "su -" is typed as a non-root user, which, because of the nature of the program then changes to a root prompt (echo $PS1). The "ssh -X" solution assumes that you have sshd (the ssh daemon) running on the box to which you want to connect, so you'll want to ensure that you type: /etc/init.d/sshd start (on SuSE, I believe it is that). HTH, -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
Thomas Adam said:
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
I always try every solution that is sent to me. There is a possiblility that they were typed wrongly as I often get confused when people send me solutions like:
ssh -X root@localhost /path/to/the/executable/you/were/trying/to/run
or:
$ su - # export DISPLAY=:0.0 # xauth merge ~n6tadam/.Xauthority
where "~n6tadam" is the user X is running as. Personally number 4) is much more secure. Never use number 1) unless you're mad.
As I have never seen the command before I dont always know where I should put the information specific to me.
I can think of several places, however the one that you want is "in an xterm". If you're wondering about the notation regarding "$" and "#" those are prompt signifiers.
$ == NON-ROOT # == ROOT
so what that is telling is:
$ su - # export
etc... means that "su -" is typed as a non-root user, which, because of the nature of the program then changes to a root prompt (echo $PS1).
I already understood everything you are telling me here. What I didnt understand is: "where "~n6tadam" is the user X is running as" in terms of "# xauth merge ~n6tadam/.Xauthority"
The "ssh -X" solution assumes that you have sshd (the ssh daemon) running on the box to which you want to connect, so you'll want to ensure that you type:
/etc/init.d/sshd start
(on SuSE, I believe it is that).
With this solution. I tried ssh -x user@localhost and then ran the app but it failed to connect to Xserver. Just as it did when I tried the same operation with ssh.
HTH,
-- Thomas Adam
===== Thomas Adam
"The Linux Weekend Mechanic" -- www.linuxgazette.com
________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
--- Andrew Nix <andrew.nix@st-paulshigh.manchester.sch.uk> wrote:
Thomas Adam said:
I already understood everything you are telling me here. What I didnt
So.
understand is:
"where "~n6tadam" is the user X is running as"
in terms of
"# xauth merge ~n6tadam/.Xauthority"
xauth merge ~USERNAME/.Xauthoriry. i.e.: xauth merge ~$USER/.Xauthority should do it.
The "ssh -X" solution assumes that you have sshd (the ssh daemon) running on the box to which you want to connect, so you'll want to ensure that you type:
/etc/init.d/sshd start
(on SuSE, I believe it is that).
With this solution. I tried ssh -x user@localhost and then ran the app but it failed to connect to Xserver. Just as it did when I tried the same operation with ssh.
You need to be more specific, Andrew. -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
--- Andrew RAY <aray@computerpark.co.uk> wrote:
I disagree there -- it would almost certainly create a bigger overhead on the system.
I concede to you on that one for a loopback connection. But read on ...
I wasn't aware we were scoring points :)
One trick I use (for remote systems) is:
X -query <IP>
trick on my server so that I can connect locally to it.
I am assuming that you have already enabled XDMCP on your X client (i.e. the remote machine to which you want to make the connection). Sorry, but the jargon is all counter-intuitive. Your earlier comment about overheads comes back to haunt you here, though, as well as the introduction of potential security breaches:
1. Network traffic when you start up your remote X server with
X -query 192.168.x.y :1
is quite considerable.
Yes, that I will agree with, however, the same can be said for ssh that has multiple connections. What about if the server in question has ftp running, et al?
2. There is no reliable security governing the connection between your X server and the remote client whose session you are using.
Consider again my ssh connection:
1. There is much less network traffic, as only the process actually engaged and ssh itself is causing any.
2. Ssh provides a high level of data encryption at both ends of the conversation.
3. There is absolutely no need to open up XDMCP at all to allow this to happen.
4. In most cases, the root user is debarred from attaching across a LAN using XDMCP because of the inherent security risk.
Yes....all those points are rather obvious, but I say again, it depends on the situation. [..snip..]
How's that? If you don't like xauth (grin)
Just a less elegant command line. With the xauth solution you have to su first, then I suppose you could concoct a more elegant command line along the lines of
export DISPLAY=localhost:0.0 && xauth merge ~user/.Xauthority && /usr/local/bin/executable.to.run
(all one line, whatever your mailer does to render it!!)
If you was unsure whether my mailer would render it on one line you should have used the "\" continuator.
Just plug ugly. But I do accept that the overhead is lower for a loopback connection.
Yes.
, the "sudo" is an even
simpler means, in my opinion.
Possibly, eventually, after setting up the appropriate section in sudoers and still not really as secure a connection as the ssh one - but maybe I am too hung up on security.
I think you are, and I believe we're talking from two different view points. In my experience, I have only used XDMCP because I had no cause for ssh at the time, as I was on a private network not on the internet. Thanks, Andrew. -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk
participants (3)
-
Andrew Nix -
Andrew RAY -
Thomas Adam