Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!ames!bart!schoch From: schoch@starnet.com (Steve Schoch) Newsgroups: comp.windows.x Subject: Re: Questions on xdm and X authority Message-ID: <1991Jun6.000749.17779@starnet.com> Date: 6 Jun 91 00:07:49 GMT References: Reply-To: schoch@starnet.com (Steve Schoch) Organization: Starnet Communication Corporation, Santa Clara, CA Lines: 29 In article sachs@FID.Morgan.COM (Josef Sachs) writes: >Question 2: I'm using the MIT-MAGIC-COOKIE-1 authorization protocol > in my X server. I'd like root to be able to bring up a > client for issuing alert messages. He can do this by > setting XAUTHORITY to my .Xauthority file, but how can > he figure out what user is signed on via xdm, since the > X started by xdm is running as root? Alternatively, is > there some way the server can respect MIT-MAGIC-COOKIE-1 > but always allow connections from root clients? Under the current scheme, the X server has no way of knowing who is running the client because the user is not sent as part of the X connection startup. However, I suppose one could create a new authorization protocol that would check for a connection from a privledged socket (you couldn't do this for UNIX connections) and would then believe the username that this new authorization procotol sent. This would require adding this new protocol to both the server and the set-uid clients you want to be able to use it. There is an easier way. I'll assume when you sign on via xdm that you bring up an xterm window in your .xsession file. I'll also assume that on your system xterm writes to /etc/utmp so you show up as being logged in. The solution then is to have the alert program go through the utmp file until it finds a user logged in with ut_host set to ":0". It can then setenv XAUTHORITY to this user's home directory. Steve