Re: [gentoo-dev] GnomeUI-WARNING

Re: [gentoo-dev] GnomeUI-WARNING

[Thomas T. Veldhouse]

This is one for gentoo-user.

However, the reason you are having trouble is that you seemingly started X
as a user and not as root.  Root does not have the right to X display
resources unless specifically added in.

Try:

$  xhost + root
$ su
# gvim /etc/make.conf

You only need to do the xhost command once.

Tom Veldhouse

----- Original Message -----
From: "John Nilsson" <pzycrow@hotpop.com>
To: <gentoo-dev@gentoo.org>
Sent: Friday, October 18, 2002 2:50 PM
Subject: [gentoo-dev] GnomeUI-WARNING


> what is this? The program starts ok, and I can save the file. Just this
> message I dont get.
>
> john@newkid john $ su
> Password:
> root@newkid john # gvim /etc/make.conf
>
> GnomeUI-WARNING **: While connecting to session manager:
> Authentication Rejected, reason : None of the authentication protocols
> specified are supported and host-based authentication failed.
> root@newkid john #
>
> /John
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev
>

[gentoo-dev] GnomeUI-WARNING

[John Nilsson]

what is this? The program starts ok, and I can save the file. Just this
message I dont get.

john@newkid john $ su
Password: 
root@newkid john # gvim /etc/make.conf

GnomeUI-WARNING **: While connecting to session manager:
Authentication Rejected, reason : None of the authentication protocols
specified are supported and host-based authentication failed.
root@newkid john # 

/John

[gentoo-dev] Re: GnomeUI-WARNING

[Thomas de Grenier de Latour]

On Fri, 18 Oct 2002 13:46:40 -0500
"Thomas T. Veldhouse" <veldy@veldy.net> wrote:

> This is one for gentoo-user.
> 
> However, the reason you are having trouble is that you seemingly
> started X as a user and not as root.  Root does not have the right to
> X display resources unless specifically added in.
> 

No, I think the app has access to X (it's just a warning, not an
error), but not to the gnome-session manager, because it's a user
session (gvim has probably been compiled with the "gnome" USE flag). To
disable the warning, try the"--sm-disable" option (should work with all
gnome apps).

-- Thomas.

Re: [gentoo-dev] GnomeUI-WARNING

[William Kenworthy]

xhost +localhost
su -
export DISPLAY=localhost:0.0

Using "su -", requires a display set.  Where does one put the xhost and
export in a generic sence?  I have a single user machine and often use a
number of x displays - how could I set up to do the above automaticly,
no matter which X dispaly I am on?

BillK




On Sat, 2002-10-19 at 03:50, John Nilsson wrote:
> what is this? The program starts ok, and I can save the file. Just this
> message I dont get.
> 
> john@newkid john $ su
> Password: 
> root@newkid john # gvim /etc/make.conf
> 
> GnomeUI-WARNING **: While connecting to session manager:
> Authentication Rejected, reason : None of the authentication protocols
> specified are supported and host-based authentication failed.
> root@newkid john # 
> 
> /John
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev
> 

Re: [gentoo-dev] GnomeUI-WARNING

[Troy Dack]

On Sat, 2002-10-19 at 09:45, William Kenworthy wrote:
> xhost +localhost
> su -
> export DISPLAY=localhost:0.0
> 
> Using "su -", requires a display set.  Where does one put the xhost and
> export in a generic sence?  I have a single user machine and often use a
> number of x displays - how could I set up to do the above automaticly,
> no matter which X dispaly I am on?
> 
> BillK

You really don't want that configured as a "default" it is not the most
secure idea.

A better alternative is to install ssh on the local machine, configure
public/private key pairs for your root account, make ssh only listen on
localhost (127.0.0.1), enable automatic X11 forwarding and then whenever
you want to run an X app as root do:

	ssh -X root@localhost /path/to/application

The overheads in running a ssh server are really not that much when you
are doing it on the local machine only.


-- 
	Troy Dack
	http://linux.tkdack.com

Re: [gentoo-dev] GnomeUI-WARNING

[Vitalyl Kushneriuk]

There's a pam module that can transfer your xauth info to the root
account during the "su" command. On RedHat or Mandrake, this actualy
works out of the box. I tried to configure it on my gentoo a while
ago, but gentoo pam support was in a processs of maajor updates then,
so I coudn't make it work, so I just added "xhost local:root" to my
user's X start scripts, and "export DISPLAY=:0" to my root's .bashrc
[ I use only one display on my lalaptop]

On Fri, 2002-10-18 at 21:50, John Nilsson wrote:
> what is this? The program starts ok, and I can save the file. Just this
> message I dont get.
> 
> john@newkid john $ su
> Password: 
> root@newkid john # gvim /etc/make.conf
> 
> GnomeUI-WARNING **: While connecting to session manager:
> Authentication Rejected, reason : None of the authentication protocols
> specified are supported and host-based authentication failed.
> root@newkid john # 
> 
> /John
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev
> 

Re: [gentoo-dev] GnomeUI-WARNING

[William Kenworthy]

I dont see ssh as being a good solution in this case.  On a firewalled
single user machine, the complexity of going through ssh (which seems to
have a patchy history as regards security itself) seems like it might be
more of a risk (i.e., misconfiguration, security holes etc) as well as
the inconvenience of an unwieldy command line compared to the
alternative - simplicity.

How does Mandrake, RedHat etc do this, as they work in the fashion I
desire?

I do use ssh in the above mode for external connections, but am
unconvinced it is useful or even adds anything but risky inconvenience
in a fully local mode.  I am convinced there is a point where security
can be overdone and be self-defeating in the long run.

BillK

On Sat, 2002-10-19 at 08:03, Troy Dack wrote:
> On Sat, 2002-10-19 at 09:45, William Kenworthy wrote:
> > xhost +localhost
> > su -
> > export DISPLAY=localhost:0.0
> > 
> > Using "su -", requires a display set.  Where does one put the xhost and
> > export in a generic sence?  I have a single user machine and often use a
> > number of x displays - how could I set up to do the above automaticly,
> > no matter which X dispaly I am on?
> > 
> > BillK
> 
> You really don't want that configured as a "default" it is not the most
> secure idea.
> 
> A better alternative is to install ssh on the local machine, configure
> public/private key pairs for your root account, make ssh only listen on
> localhost (127.0.0.1), enable automatic X11 forwarding and then whenever
> you want to run an X app as root do:
> 
> 	ssh -X root@localhost /path/to/application
> 
> The overheads in running a ssh server are really not that much when you
> are doing it on the local machine only.
> 
> 
> -- 
> 	Troy Dack
> 	http://linux.tkdack.com
> 
> 

Re: [gentoo-dev] GnomeUI-WARNING

[Matthew Kennedy]

William Kenworthy <billk@iinet.net.au> writes:

> xhost +localhost
> su -
> export DISPLAY=localhost:0.0
> 
> Using "su -", requires a display set.  Where does one put the xhost and
> export in a generic sence?  I have a single user machine and often use a
> number of x displays - how could I set up to do the above automaticly,
> no matter which X dispaly I am on?

I'm not a real expert on vim, but perhaps it has a feature where you
can edit a file as root from a vim session running as a normal without
explicitly su-ing anywhere. Kinda like Emacs's Tramp stuff;

	/[sm/root@localhost]/etc/make.conf

This is much more convenient than switching users/using a local ssh
connection etc. or playing with xhost authentication.

-- 
Matthew Kennedy
Gentoo Linux Developer

Re: [gentoo-dev] GnomeUI-WARNING

[Colin Morey]

On Sat, 2002-10-19 at 04:35, William Kenworthy wrote:
> I dont see ssh as being a good solution in this case.  On a firewalled
> single user machine, the complexity of going through ssh (which seems to
> have a patchy history as regards security itself) seems like it might be
> more of a risk (i.e., misconfiguration, security holes etc) as well as
> the inconvenience of an unwieldy command line compared to the
> alternative - simplicity.
> 
personally i find that "su" works, (without the - switch), so sudo su 
gives me a root shell, which i can normally run X stuff from.

Cheers,
Colin Morey

Re: [gentoo-dev] GnomeUI-WARNING

[Morten Liebach]

On 2002-10-23 12:05:44 +0100, Colin Morey wrote:
> On Sat, 2002-10-19 at 04:35, William Kenworthy wrote:
> > I dont see ssh as being a good solution in this case.  On a firewalled
> > single user machine, the complexity of going through ssh (which seems to
> > have a patchy history as regards security itself) seems like it might be
> > more of a risk (i.e., misconfiguration, security holes etc) as well as
> > the inconvenience of an unwieldy command line compared to the
> > alternative - simplicity.
> > 
> personally i find that "su" works, (without the - switch), so sudo su 
> gives me a root shell, which i can normally run X stuff from.

You'd probably want 'sudo -s'.


-- 
OpenPGP: 0xF1360CA9 -- 8CF5 32EE A5EC 36B2 4E3F  ACDF 6D86 BEB3 F136 0CA9
         Morten Liebach <m@mongers.org> -- http://m.mongers.org/