From owner-freebsd-questions  Wed Feb 13  7:11:37 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62])
	by hub.freebsd.org (Postfix) with ESMTP id 0691337B4A5
	for <freebsd-questions@freebsd.org>; Wed, 13 Feb 2002 07:09:36 -0800 (PST)
Received: from dialup-63.208.71.107.dial1.chicago1.level3.net ([63.208.71.107] helo=there)
	by snipe.prod.itd.earthlink.net with smtp (Exim 3.33 #1)
	id 16b12K-0007d5-00; Wed, 13 Feb 2002 07:09:33 -0800
Content-Type: text/plain;
  charset="iso-8859-1"
From: Bob Giesen <BobGiesen@earthlink.net>
To: Brian T.Schellenberger <bts@babbleon.org>,
	"theVanguardian" <theVanguardian@yahoo.com>,
	<freebsd-questions@FreeBSD.ORG>
Subject: Re: 2 Questions - Be Careful!
Date: Wed, 13 Feb 2002 09:09:41 -0600
X-Mailer: KMail [version 1.3]
References: <000001c1b44a$78ec0d80$7d2b2c42@anant> <20020213051555.86A7E407B@i8k.babbleon.org>
In-Reply-To: <20020213051555.86A7E407B@i8k.babbleon.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <E16b12K-0007d5-00@snipe.prod.itd.earthlink.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> > 2.	I'm running GNOME as a normal non-root user, but for some
> > reason, whenever I try to run an X app from the terminal window
> > as root, I get the error "Connection to :0:0 refused by server,
> > Client is not authorized to connect to server" or something to
> > that affect. For
>
> xhost +
>
> from the account of whoever started up the X session.

   This will work as it is -- and is absolutely okay if you are not 
on a network -- but do not just enter "xhost +" all by itself if you 
are on a network and you don't want everyone else to be able to see 
what you are doing.  "xhost +," all by itself, opens your X processes 
up to everyone on the network, making it a simple matter for them to 
capture your activities -- so far as to actually see your screen 
exactly as you see it (with some performance degradation... hint, 
hint).
   If you only want to run some X app's locally and you want to keep 
some semblance of security, I'd recommend running "xhost + 
`hostname`" so as to only allow acces to other users ("root" being an 
"other" user, of course, when you're logged in as a regular user) to 
use your display.  (Of course, you can type your actual hostname 
instead of `hostname` -- but if you log into different machines from 
the same account and frequently have need of running X apps this way, 
you might considre putting that verbatim into a script -- perhaps 
even a login script.

-- 
"Diligence is the mother of good luck." -- Benjamin Franklin 
(1706-1790)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message