changing user with SU, gives "Xlib: connection to ":0.0" refused by server" (Partily solved)

[Andrew Glen-Young]

On 08/10/2007, (``-_-´´) -- Fernando <ubuntu at bugabundo.net> wrote:
> > $ xhost +
> > access control disabled, clients can connect from any host
> >
> > I don't think that this is the best of ideas, but since the Ubuntu
> > Xserver doesn't listen on any network ports be default, it should be safe.
>
> $ xhost +
> access control disabled, clients can connect from any host
> $ sudo -u OTHERUSER gedit
> [sudo] password for MYUSER:
>
> (gedit:27092): GnomeUI-WARNING **: While connecting to session manager:
> Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.
>
> But it ended up opening gedit. so it works.
> How unsafe is this? I dont think I have the default config, so I might have extra ports open.
>
> $ sudo netstat -puta
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
[...]
> tcp        0      0 *:x11                   *:*                     LISTEN     7692/X
[...]
> tcp6       0      0 *:x11                   *:*                     LISTEN     7692/X
[...]
> udp6       0      0 *:xdmcp                 *:*                                7685/gdm

It does look like you have some X ports open. It does mean that
someone can connect to your Xserver remotely and login as a valid user
on your machine.
I would consider this method a work around until you find the "proper"
way of doing it.

It's always worked for me for quick, temporary hacks and so I've never
bothered working out the correct method.

Perhaps look at the Gnome Session Manager docs?

- A.