Re: [SLUG] SuSE - "connection to ":0.0" refused by server"

From: Ian Blenke (icblenke@nks.net)
Date: Wed Oct 08 2003 - 15:29:40 EDT


kwan@digitalhermit.com wrote:
> First, you need to allow access from localhost as the user that logged
> into the X session:
> xhost + localhost

I don't recommend xhost, ever. Anyone else on the box now has complete
control of your desktop.

If speed is an issue (for things that use xv/dri/opengl etc) for things
that simply must run as another user, the better solution is to use xauth:

        username$ echo $DISPLAY
        :0.0
        username$ xauth list $DISPLAY
        hostname/unix:0 MIT-MAGIC-COOKIE-1 \
        12345678901234567890123456789012
        username$ su - root
        Password: ************
        $ export DISPLAY=:0.0

now you can either "merge" username's .Xauthority file with root's, or
you can "add" it by cut and pasting:

        $ xauth merge - < ~username/.Xauthority
or
        $ xauth add $DISPLAY MIT-MAGIC-COOKIE-1 \
        12345678901234567890123456789012

I tend to use xauth merge with the dash/stdin trick above.. if you merge
the file directly, xauth likes to chmod username's .Xauthority file
owned as root so username can no longer open up new windows.

For users other than root, you will need to make sure that the target
user has read permissions of that file. Alternatively, you can ssh back
to the first user, run xauth list, and add it:

        otheruser$ xauth add $DISPLAY `ssh username@localhost \
        xauth list $DISPLAY | cut -d' ' -f2-`

Now otheruser has access to username's magic cookie for DISPLAY.

If speed isn't an issue (ie, most X11 clients), the best method is
really to use ssh X11Forwarding.

If you're having speed issues over a WAN connection, consider using
something like DXCP, LBX, or Tight VNC. Native X11 is rather bandwidth
intensive.

-- 
- Ian C. Blenke <icblenke@nks.net>
(This message bound by the following:
http://www.nks.net/email_disclaimer.html)

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:54:25 EDT