Hi Andrei,

I hope I didn't mess up your Sunday :o Thanks for the work & confirmation!

Andrei Borzenkov wrote:
Yes, I can reproduce it with different display managers and under Leap as well.
Indeed, my older 42.2 installation does the same.
Actually, a quick search shows similar issues being reported quite a while back for different distributions.
Yes, 12 years or so...
The Xserver manual page vaguely suggests that "If no other authorization mechanism is being used, this list initially consists of the host on which the server is running as well as any machines listed in the file /etc/Xn.hosts" and today Xserver is almost universally started with the -auth parameter.
Oh, I had not checked the Xserver manpage yet! But that one also seems to allow general family:name entries, as man xhost also suggests. It's indeed vague whether it only reads the file when no other auth is specified, or if in that case those are the only entries. But as local: shows up it *does* read it also when -auth is specified.
The lack of server interpreted entries is a clear bug - apparently you were the first ever to try them in /etc/Xn.hosts :)
I think I saw some more references to it when looking for clues, but most people seem to rather 'give up' and use an xhost call in ~/.profile (which is what I'm now doing, too....)
There is an argument format mismatch when the function that adds these entries is called, so they get ignored. This is an upstream bug present in current Xorg GIT.
Uuh - are you opening a ticket for that?
Local host access is indeed disabled when the -auth parameter is present and content is not empty. Still, explicitly added entries are expected to be preserved, which explains why LOCAL: is returned here. What is not clear is why it does not have any effect. It could be some subtle bug as in the previous case ...
I was wondering if it could come from the fact that the display manager hands over the session to the user at some point - could something go wrong there?
... OK, I suspect what's going on here (to confirm would require downloading even more Xorg sources). It looks like this explicit entry is effective only when Xserver is listening on a TCP/IP socket; in our case the server is local. Adding local: manually flips *another* flag that allows unrestricted local connections.
Hmm, does it work differently when running without '-nolisten tcp'? Indeed, in that case the si:localuser seems still to be ignored (as you confirmed with the mismatch). Just now the local: entry is not only displayed, but it also works!
What a mess really ...
Not going to object....