running X programs as another user

Sorry for the duplicate postings (if it does get duplicated) -- my first
message was not posted even after ~10 hrs.

----------

Along the process of trying to recompile a personalized kernel for this
machine (following my previous posts and responses), I seem to be unable
to run any X-based programs as root from within an X-session started as a
regular user (karthik). I.e. I log in as karthik -> startx, open an xterm,
and su - root. Once there, any attempt to run an X based program gives an
error, for e.g.:

# gandalf:~# whoami; gw
root

Gdk-WARNING **: locale not supported by C library

Gtk-WARNING **: cannot open display:


I am guessing this is some sort of security measure?

How can I circumvent this? What are good places to gain some basic
understanding of X and related security concerns etc.

Thanks,

-K


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: running X programs as another user

You can solve this problem using xhost.

You have to run `xhost +' as the normal user so that your X display is open
to everyone and then su as root.

But the better way is to export the X authorization cookies when you su.
This is really simple if your authentication is based on PAM (which it
should be unless it you are using a very old system).

--/etc/pam.d/su-->

session optional /lib/security/pam_xauth.so

<----

The pam_xauth.so help is available at
/usr/share/doc/pam-/txts/README.pam_xauth (or something like
that).

I think post script versions are also available.

--
M Rajsekar
IIT Madras

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: running X programs as another user

Just on quick comment: rather than using 'xhost +' I would recommend using
'xhost +localhost'. The former allows connections to the X server from any
host, while the latter only allows connections from the localhost. Usually
wouldn't matter, but it is more secure.

Just my $0.02,
Conway S. Smith
>
> You can solve this problem using xhost.
>
> You have to run `xhost +' as the normal user so that your X display is open
> to everyone and then su as root.
>
> But the better way is to export the X authorization cookies when you su.
> This is really simple if your authentication is based on PAM (which it
> should be unless it you are using a very old system).
>
> --/etc/pam.d/su-->
>
> session optional /lib/security/pam_xauth.so
>
> <----
>
> The pam_xauth.so help is available at
> /usr/share/doc/pam-/txts/README.pam_xauth (or something like
> that).
>
> I think post script versions are also available.
>
> --
> M Rajsekar
> IIT Madras
>
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs