R Hannes Beinert wrote:
Hello!
Hello
I was having trouble getting a vnc connection to my SuSE v9.2 box, and ultimately resolved the problem by modifying the xinetd configuration file in /etc/xinetd.d/vnc to specify that the xvnc server execute as user=root instead of the original distro specification of user=nobody. It seems to me that regardless of which window manager is forked from xvnc, it would need root privilege -- I can't see how the originally shipped configuration file would work.
Given that I would like to use VNC, is this a reasonable configuration from a security perspective? Is there a preferred configuration?
I use VNC on several Boxes (8.2, 9.2, 9.3), all without changing to root. One thing I remember, I never got it to work without a reboot (yepp I know that's Windows-Style *brr*). I only changed the configuration in /etc/xinetd.d/vnc (for display resolution things). Then made an inserv xinetd (to install xinetd in the runlevels) and reboot. All my experiments without rebooting and instead restart xinetd and kdm and so didn't work. (I could connect to the machine via vnc but never got the kdm :-( But with a reboot of the machine I could connect to kdm via vnc. (Never bothered about it, because I configure vnc directly after installing so a reboot isn't a problem at that time.) For security reason I don't know about any problem in vnc at this time, but running a server-apps as root is never good.
Thanks!
Hannes.
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-- Mit freundlichen Grüßen, Guido Tschakert