connection to ":0.0" refused by server

Ivan Kohler ivan-bad@sisd.com
Sat, 17 Jul 1999 02:59:29 -0400


On Wed, Jul 14, 1999 at 08:07:02AM -0700, Chris Waters wrote:
> Alan DuBoff <maestro@SoftOrchestra.com> writes:
> 
> > When I su to another user on the system (inside a terminal), I get the
> > following error when trying to run an X app:
> 
> > Xlib: connection to ":0.0" refused by server
> 
> > I can do this on Red Hat, but not Debian.
> 
> Really?  Solaris, HP/UX, and every other Unix I've ever used will do
> the same thing as Debian here.  I'm a bit appalled to hear of a system
> that doesn't refuse the connection.  No professional quality system
> would do such a thing.  Obviously, RH doesn't fall into that category.
> 
> > How can I change this setting for Xlib?
> 
> First of all, do *not* follow the advice that someone else posted of
> using "xhost +".  This is a *major* security hole.  In fact, the xhost
> program is pretty much nothing but a security hole.  (RH probably
> either does this or the slightly less insane "xhost +localhost" by
> default, which is still extremely bad.)
> 
> Instead, browse /usr/doc/X11/FAQ, paying particular attention to the
> question labeled: "How do I run an X client as root when the X session
> is run by a user?"

It is worth noting that this question is in unstable, but not stable.

>  Or, if you want all the gorey details, read the
> xauth(1x) man page.
> 
> A quote from the FAQ:
> 
> "Finally, you should NEVER, EVER use the xhost command to manage X server
> access control unless you know exactly what you are doing (even then,
> there's hardly ever a good reason short of seeing just how many ways the
> security of your system can be compromised)."
> -- 
> Chris Waters   xtifr@dsp.net | I have a truly elegant proof of the
>       or    xtifr@debian.org | above, but it is too long to fit into
> http://www.dsp.net/xtifr     | this .signature file.

-- 
Ivan Kohler <ivan@sisd.com> - finger for PGP key - <moc.dsis@navi> Relhok Navi
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too