Re: [gdm-list] Why do GDM 2.22.0 set xauth file owner as login user



Hi Ray,

On Wed, 2008-05-21 at 14:14 -0400, Ray Strode wrote:
> Hi,
> 
> > Also, I
> > notice Fedora set as "01777". So "01777" is mandatory on GDM 2.22,
> > right?
> Right, every X client needs read access to their associated cookie
> file, and furthermore, needs write access to /var/run/gdm for libXau
> locking.
> You could probably get away with 1773 without problems.

Talking with Brian, he stated "normal users shouldn't be able to access
the /var/run/gdm directory. This is where GDM stores the Xauth keys so
that GDM can interact with any Xsession it starts if needed." If so,
"root:gdm" ownership and "1770" permissions are right.

On the other hand, the X client xauth file is stored at "$HOME/.Xauthority"
on old GDM. It could save a key per display. For example,

# /usr/openwin/bin/xauth -f /export/home/zheng/.Xauthority list
goalkeeper:0  MIT-MAGIC-COOKIE-1  ccf5f7e6dff8cbf8e6d5c1cfd4fedbc9
goalkeeper/unix:0  MIT-MAGIC-COOKIE-1  884828afe2aafe458dea03cf0d74d007
localhost.localdomain/unix:0  MIT-MAGIC-COOKIE-1  884828afe2aafe458dea03cf0d74d0

However, GDM 2.22.0 takes a new approach: a new xauth file is created
each time "AddUserAuthorization" is called. There's always only one entry
in the file. This might make it difficult to support multiple displays. It
would be better if we could copy the Xauth key to "$HOME/.Xauthority" like
old GDM 2.20. Any ideas?

-Simon

> 
> > In addition, like "/tmp", "/var/run" will be cleaned and removed when
> > you reboot on Solaris. This is different from Linux. We probably need to
> > create this dir once it doesn't exist.
> Makes sense.  I don't think anyone would mind if you committed a patch
> to do that.
> 
> --Ray
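
What the three modes discussed in this thread (1777, 1773, 1770) allow a login user inside /var/run/gdm under standard POSIX directory permission rules, as an added example that is not part of the original message or of GDM. The uid/gid values are constructed and the function names are hypothetical.

```python
import stat

def dir_access(mode, owner_uid, group_gid, uid, gids):
    """What a process (uid, gids) may do in a directory with this mode/ownership."""
    if uid == 0:
        bits = 0o7                        # root bypasses the mode check
    elif uid == owner_uid:
        bits = (mode >> 6) & 0o7          # owner class
    elif group_gid in gids:
        bits = (mode >> 3) & 0o7          # group class
    else:
        bits = mode & 0o7                 # other class
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    sticky = bool(mode & stat.S_ISVTX)
    privileged = uid in (0, owner_uid)    # sticky bit does not restrict these
    return {
        # r: enumerate the names of every cookie file in the directory
        "list_names": r,
        # x: open a file whose path is already known (e.g. via XAUTHORITY);
        # the cookie file's own owner and mode still decide whether it is readable
        "open_known_path": x,
        # w+x: create new entries, which libXau locking needs
        "create_lock_files": w and x,
        # w+x without the sticky bit: unlink or rename other users' files
        "remove_others_files": w and x and (privileged or not sticky),
    }

# Constructed ids for illustration: directory owned by root:gdm
ROOT_UID, GDM_GID = 0, 50
LOGIN_USER = (1000, {1000})   # ordinary user, not in group gdm
GDM_MEMBER = (50, {50})       # account in group gdm

def compare(modes=(0o1777, 0o1773, 0o1770)):
    """Access a login user gets under each mode proposed in the thread."""
    return {oct(m): dir_access(m, ROOT_UID, GDM_GID, *LOGIN_USER) for m in modes}

if __name__ == "__main__":
    for mode, result in compare().items():
        print(mode, result)
```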