Xorg Auth (hoary)
crimsun at fungus.sh.nu
crimsun at fungus.sh.nu
Sat Jan 1 22:00:46 UTC 2005
On Sat, Jan 01, 2005 at 04:31:31PM -0500, David Mandelberg wrote:
> I'm trying to run gaim as a restricted user (user:david-chat, group:david-chat;
> groups:david-restricted,audio). I have sudo set up to allow me (david) to sudo
> to any user in group david-restricted without a password, and that seems to be
> working (it caused other problems, so I'm posting it for completeness). When I
> run gaim as david-chat, it says that the connection to :0.0 wasn't allowed, so I
> do "xhost +local:" to allow it. What I want to know is how to configure Xorg so
> that the default ACLs allow all "local:"s.
Do not use xhost(1); instead, use xauth(1). In essence, export the
cookie that david uses to david-chat.
$ xauth extract foo :0
$ sudo -u david-chat xauth merge foo
$ rm -f foo
Allowing everything local is a bad idea, because it poses a security
hole.
--
Daniel T. Chen crimsun at fungus.sh.nu
GPG key: www.sh.nu/~crimsun/pubkey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050101/4d0d5f15/attachment.sig>
More information about the ubuntu-users
mailing list