[ale] remote X problems.

James P. Kinney III jkinney at localnetsolutions.com
Thu Aug 7 20:52:59 EDT 2003 

It causes Bob to have small strokes every time some su's to root :)

Mainly it breaks the Xauthority chain for having the remote app display
locally. The "proper" way is to ssh to the remote machine as your remote
self. Now you have established the correct "chaining" of Xauthority
links. Then su to run the root-only app. As remote-root as authority to
display on remote-you screen and remote you has authority to display on
local-you screen, after about 1-5 minutes, a local window appears for
the remote root application.

In general, it is always best to do the initial remote login as some
user other than root. The su will leave a log trail of whodonit for
later analysis in the event o a problem.

sudo is even better! It keeps a log of every command run as root through
sudo. Very usefull for backtracking through a screwup!

On Thu, 2003-08-07 at 20:02, David Corbin wrote:
> On Thursday 07 August 2003 19:28, Transam wrote:
> > On Thu, Aug 07, 2003 at 07:25:17AM -0400, David Corbin wrote:
> > ...
> >
> > > > > I then use ssh to access machine O,
> > > > > where I cannot launchan X application.
> >
> > You then su?  That's a no-no.  Use ssh to the local system instead.
> > This should solve your problem.
> 
> Other than the fact that what I want to do doesn't actually work, why is su a 
> no-no?
> 
> >
> > > > >T ----via KDM----  P  ----ssh -X----O
> > > > >
> > > > >Thanks for the help.
> > > > >David
> >
> > Bob Toxen
> > bob at verysecurelinux.com               [Please use for email to me]
> > http://www.verysecurelinux.com        [Network&Linux/Unix security
> > consulting] http://www.realworldlinuxsecurity.com [My book:"Real World
> > Linux Security 2/e"] Quality Linux & UNIX security and SysAdmin & software
> > consulting since 1990.
> >
> > "Microsoft: Unsafe at any clock speed!"
> >    -- Bob Toxen 10/03/2002
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 

 This is a digitally signed message part

More information about the Ale mailing list