root user, graphical programs

Pieter Donche Pieter.Donche at ua.ac.be
Fri May 15 08:38:42 UTC 2009 

No luck (yet)
I tried both methods, (with xpdf as a graphical program)
The first still gives 
# xpdf
Can't open display

The second method
# xpdf
No protocol specified
Error: Can't open display:  :0.0

(after su -, $HOME was indeed /root)
(in /root .Xauthority was changed/created, $DISPLAY is :0.0)


On Fri, 15 May 2009, Matthew Seaman wrote:
> Pieter Donche wrote:
>> FreeBSD 7, KDE 3.5
>> To install Matlab (in linux compat mode), one must execute the
>> matlab install program as root. The installer is graphical.
>> When from a KDE terminal window, I switch to root (# su -)
>> and try a graphical program, e.g.  # xpdf, I get Can't open display.
>> The FreeBSD handbook (10.5.1) says in that case type setenv HOME ~USER
>> (USER the username where the su command was given). This doesn't help
>> I still get Can't open display.
>> 
>> What's wrong and how to solve it?
>
> That's the standard X Windows security stopping other users opening windows
> on your screen.  In this case, something like:
>
>  % xhost +LOCAL:
>  % su
>  # {...whatever you need to do to install your app...}
>  # exit
>  % xhost -LOCAL:
>
> However be aware of the risks: xhost +LOCAL: means that any other user
> of the same machine can access your display and potentially capture any
> input including (for instance) the root password.
>
> Hmmm... Actually, a more secure means of doing the same thing, that only
> grants access to your display by the local root user would be:
>
>  % xauth extract - $DISPLAY > ~/authtoken
>  % su -
>  # echo $HOME
>
> (This should return /root -- this is important so that the correct 
> .Xauthority
> file gets updated.)
>
>  # xauth merge /home/your-uid/authtoken
>  # rm /home/your-uid/authtoken
>  # setenv DISPLAY :0.0
>  # {...whatever you need to do to install your app...}
>
> Now any X programs run by root will open on your display.  To revoke this
> permission you can simply remove /root/.Xauthority or for finer grained
> control you can use
>   # xauth remove $DISPLAY
>
> 	Cheers,
>
> 	Matthew
>
> -- 
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                 Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>                                                 Kent, CT11 9PW
>
>

More information about the freebsd-questions mailing list