Re: [gdm-list] Why do GDM 2.22.0 set xauth file owner as login user

["simon zheng sun com" <Simon Zheng Sun COM>]

Ray,

On Wed, 2008-05-21 at 13:00 -0400, Ray Strode wrote:
> Hi Simon,
> 
> > On GDM 2.22.0, I noticed the owner of X authority file is set as login
> > user.
> >
> > -rw-------    1 gdm      gdm            52 May 21 23:27
> > auth-cookie-XX37TRBU-for-gdm
> > -rw-------    1 zheng    other          52 May 21 23:28
> > auth-cookie-XX5YOJBU-for-zheng
> >
> > Looking into source, X authority file is forced to set as login user
> > when launching Xserver. On older V2.20, it's "root:root". Since Xorg
> > process is run as root, why do we need this special setting. Might be I
> > miss something. I'm confused where requires this setting. Any answer?
> The X authority file is a generated "password" between X clients and
> the X server.  It's how the server knows it can trust a client
> connecting to it.  The X clients need to be able to read the
> "password" so they can authenticate with the server.

Make sense. User xauth file requires this permission.

> 
> Is this causing a problem?

I'm not sure what's right access permission "/var/run/gdm" on Solaris.
Checking with old gdm, xauth file seems to be stored in /var/lib/gdm.
And access permission of "/var/lib/gdm" is "01770". New GDM moves xauth
file to "/var/run/gdm". "01770" looks no longer suitable. Also, I
notice Fedora set as "01777". So "01777" is mandatory on GDM 2.22,
right?

In additions, like "/tmp", "/var/run" will be cleaned and removed when
you reboot on Solaris. This is different from Linxu. We probably need to
created this dir once it doesn't exist.



> 
> --Ray