connection to ":0.0" refused by server

[Chris Waters]

Alan DuBoff <maestro@SoftOrchestra.com> writes:

> When I su to another user on the system (inside a terminal), I get the
> following error when trying to run an X app:

> Xlib: connection to ":0.0" refused by server

> I can do this on Red Hat, but not Debian.

Really?  Solaris, HP/UX, and every other Unix I've ever used will do
the same thing as Debian here.  I'm a bit appalled to hear of a system
that doesn't refuse the connection.  No professional quality system
would do such a thing.  Obviously, RH doesn't fall into that category.

> How can I change this setting for Xlib?

First of all, do *not* follow the advice that someone else posted of
using "xhost +".  This is a *major* security hole.  In fact, the xhost
program is pretty much nothing but a security hole.  (RH probably
either does this or the slightly less insane "xhost +localhost" by
default, which is still extremely bad.)

Instead, browse /usr/doc/X11/FAQ, paying particular attention to the
question labeled: "How do I run an X client as root when the X session
is run by a user?"  Or, if you want all the gorey details, read the
xauth(1x) man page.

A quote from the FAQ:

"Finally, you should NEVER, EVER use the xhost command to manage X server
access control unless you know exactly what you are doing (even then,
there's hardly ever a good reason short of seeing just how many ways the
security of your system can be compromised)."
-- 
Chris Waters   xtifr@dsp.net | I have a truly elegant proof of the
      or    xtifr@debian.org | above, but it is too long to fit into
http://www.dsp.net/xtifr     | this .signature file.