Serverkill or shutdown problem with network X apps

der.hans plug-discuss@lists.PLUG.phoenix.az.us
Thu, 19 Apr 2001 01:17:41 -0700 (MST) 

Am 18. Apr, 2001 schwäzte proudhawk@uswestmail.net so:

> ok,
> I amgetting a rather strange problem...
> Under mandrake 7.2, I am getting the following message when I try to run
> other X apps from my other accounts under my main user account (not root):
> 
> "X connection to hostname:10.0 broken (explicit kill or server shutdown)"
> 
> I am using ssh tunneling for this..

Normally you shouldn't be able to tunnel back via ssh as another user. It
does work with the root account if you don't pick up root's environ when
you su, e.g. no dash. 

Locally other users don't have access to your .Xauthority file ( or at
least they shouldn't ).

From the xauth man page:

       $HOME/.Xauthority
               default   authority   file   if  XAUTHORITY  isn't
               defined.

The .Xauthority contains the key to your display. If a process can't get
info from it, it can't talk to the X display.

OTOH, you could add local: to your xhosts.

xhost + local:

That allows anyone on the local machine to talk to your local X server.

Now on to the ssh part :).

"xauth info" will tell you where your shell is trying to get those magic X
entries from. Mine is saying something about a cookies file in a directory
under /tmp.

su'ing to another user causes the "xauth info" and "xauth list" commands
to time out while trying to open the cookies file. I presume making the
/tmp/ssh-* dirs and the cookies files world readable would allow non-root
users access, but I think that would probably be the wrong thing to do.

Personally, I would try to find a way to not need other users to toss X
apps back accross the tunnel.

Barring that, maybe make the above info readable by some group and giving
all your other users access to that group.

> this problem hardly ever cropped up in redhat 7.0 but I now get it
> on all network based apps (netscape, xchat, kmail, etc).
> 
> I've checked to make sure that my configs for ssh are correct.
> no joy there, they are.
> 
> not only does this happen internal on my own box now, but it also happens
> when accessing remote shell accounts that have X apps....
> 
> It either has to be the sshd here or the X server here.

You had probably opened access to your X server. If you dash into account
with su, then you most certainly had opened your X server. If so, you also
weren't tunneling stuff.

ciao,

der.hans
-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com
#  Science is magic explained. - der.hans