Re: How to transfer X11 auth across sudo invocation

On Feb 27, 7:29 pm, lahuman9 <lahum...@xxxxxxxxx> wrote:
On Feb 27, 7:40 pm, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:



On Feb 27, 4:31 pm, lahuman9 <lahum...@xxxxxxxxx> wrote:

On Feb 27, 7:23 pm, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:

On Feb 27, 4:02 pm, lahuman9 <lahum...@xxxxxxxxx> wrote:

On Feb 27, 4:59 pm, "david.karr" <davidmichaelk...@xxxxxxxxx> wrote:

On Feb 27, 1:38 pm, "Bruce" <n...@xxxxxxxx> wrote:

"david.karr" <davidmichaelk...@xxxxxxxxx> wrote in message

news:6f74dba1-a91c-4ad7-a5e2-58a0c24a9696@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I connect from my Windows box to a AIX 5.3 box using SecureCRT, which
allows the transfer of X11 packets to my local box.

When I log in as myself into the box, with my local Cygwin-provided X
server running, I can display windows perfectly fine.

However, if after logging in, I then "sudo" to an administrative
account and then try to run something that tries to display windows,
it says that it can't connect.

I tried doing "env | sort" from both my user account and the
administrative account, to compare the differences. On the admin
shell, I set the following env vars from their value on my user
account:

DISPLAY, SSH_AUTH_SOCK, SSH_CLIENT, SSH_CLIENT, SSH_CONNECTION,
SSH_TTY

However, it still fails to connect. I imagine that one of these
variables is "tied" to my user account somehow, and won't work if I
just copy the value over (probably a good idea :) ).

So, what can I do to facilitate this connection from the admin account
to my local box's X server?

export DISPLAY?

I exported all of those variables I indicated that I set, including
DISPLAY.- Hide quoted text -

- Show quoted text -

before you sudo:
"xauth list"
copy that, then sudo,
as new user, "xauth add <the output of the above xauth list>"
"export DISPLAY=" the original DISPLAY variable, which is also in the
output of the xauth list command

voila

I'm not certain exactly what you mean by this. For context, we'll
call my X server box "laptop", and the box I'm trying to run the Xwin
app on as "unixbox".

I have my Cygwin X server running on "laptop". I've logged into
"unixbox" from "laptop" (using SecureCRT), with the "forward X11
packets" flag set on.

When I log into "unixbox" and run "xauth list", I see output like the
following:

unixbox/unix:10 MIT-MAGIC-COOKIE-1 <longhexstring1>
unixbox/unix:11 MIT-MAGIC-COOKIE-1 <longhexstring2>
unixbox/unix:12 MIT-MAGIC-COOKIE-1 <longhexstring3>
unixbox/unix:13 MIT-MAGIC-COOKIE-1 <longhexstring4>
unixbox/unix:14 MIT-MAGIC-COOKIE-1 <longhexstring5>
unixbox/unix:15 MIT-MAGIC-COOKIE-1 <longhexstring6>

I'm not exactly sure how to pass this to "xauth add" after the sudo,
and the DISPLAY variable value is not in this output, although that's
the easiest variable to copy, as it was only set to "localhost:10.0"
before the sudo.- Hide quoted text -

- Show quoted text -

ok example

xauth list
sudo -u whomever
xauth add "unixbox/unix:10 MIT-MAGIC-COOKIE-1 <longhexstring1>"
DISPLAY=unixbox/unix:10; export DISPLAY
run your x app

So when I start out, my DISPLAY is set to "localhost:10.0", and
running "xterm" on "unixbox" displays the window on "laptop".

I then run "xauth list" and get that list of 6 lines. I then sudo to
the admin account. I do:

xauth add "<first line of previous xauth list output>"

It said:

1356-364 xauth: creating new authority file $HOME/.Xauthority
xauth: (argv):1: 1356-353 bad "add" command line- Hide quoted text -

- Show quoted text -

here's the part where you type "man xauth" and find what format aix
xauth
wants it in. the method works for both solaris and hp-ux

I had read it, but I didn't notice that the double quotes were making
it a single argument.

In any case, it now doesn't complain about the syntax of add. It says
it created the authority file. I then set the DISPLAY to the
DisplayName value that I added and exported it, and then ran xterm.
It still says:

xterm Xt error: Can't open display: unixbox/unix:12

Note that the actual name of the box is a fully-qualified host name
(along with the resulting display name), with periods in it. I assume
that wouldn't matter?
.

Relevant Pages

  • Re: Display Names After Account Migration
    ... especially if there are a large number of user account. ... 298882 The new command-line tools for Active Directory in Windows Server ... best be addressed in the Developer newsgroups. ... |> Active Directory Users and Computers, the Display Name ...
    (microsoft.public.windows.server.migration)
  • Re: How to transfer X11 auth across sudo invocation
    ... server running, I can display windows perfectly fine. ... administrative account, to compare the differences. ...
    (comp.unix.aix)
  • Re: POP3 Connector
    ... Small Business Server\Networking\POP3\Incoming Mail folder? ... Does the issue happen when other POP3 user account receive mail from ... Re-register the POP3 Connector event sink in Microsoft Internet ... Enable subject logging and display. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to transfer X11 auth across sudo invocation
    ... server running, I can display windows perfectly fine. ... administrative account, to compare the differences. ...
    (comp.unix.aix)
  • RE: How to Retrieve and diplay the details in the form
    ... the generated ac_no textbox and created a combo box in f1 and bounded to ... but when i change the account number the appropriate fields are not changing. ... a simple query in textbox of ac_no keypress/enter event to run a query ... and get the values of d1 and display in other fields in the form. ...
    (microsoft.public.access.queries)