SuSE Linux: All versions
xlogin
and xdm
as user
A
and you want to start an X application as user B
(e.g. as user
root
, see also http://www.suse.de/sdb/en/html/perms.html).
You get the following error message:
Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Error: Can't open display: :0.0Afterwards the program crashes.
This feature is a security mechanism in the X window system. This mechanism protects against unwanted readers of your dislpay through other users or foreign systems, because X window systems are network compatible resp. network transparent.
Without any protection mechanism any user or any foreigner via ethernet is able to connect to your local machine and read your display online and accordingly able to adept and explore your password or other confidential information .
The above mentioned mechanism prevents this possibility. Further information about this security mechanism can be found in the manpage
Xsecurity
(Use: man Xsecurity
).
xhost +localhostInstead of
localhost
any other machine can be admitted.
Thereby all users are permitted to access the display on this machine.
That is to say no perimeter of the allowed users is possible.
By far secure is the procedure to set a key directly to the display alike described in the manpage xauth
(Using: man
xauth
). Every user of the display can read out the key by the use of the following commands:
xauth list :0or
xauth list `hostname`:0and a second user with
xauth add <KEY>Whereas
<KEY>
is one of the lines out of xauth
list
.
Of course you can read out or set the keys from other displays by the use of
xauth
. As a rule the local display can be accessed with
:0or from a foreign machine with
<HOSTNAME>:0In the first case the local display will be used in the second case another display via network (e.g. Ethernet) to another machine with the name
<HOSTNAME>
.
If you want to use another display than :0
or if you want to work from another machine
you have to set the display correctly.
For a bash
or any other
bourne-shell
the command is:
DISPLAY=<HOSTNAME>:<NUMBER> export DISPLAYfor the
tcsh
or csh
:
setenv DISPLAY <HOSTNAME>:<NUMBER><HOSTNAME> is the name of the machine and <NUMBER> is the number of the display.