Re: One more comment (and apology)

From: Ian Collier <Ian Collier comlab ox ac uk>
To: gnome-list gnome org
Subject: Re: One more comment (and apology)
Date: Mon, 18 Feb 2008 12:06:28 +0000

On Fri, Feb 15, 2008 at 05:15:13PM -0500, Brian J. Murrell wrote:
> On Fri, 2008-02-15 at 14:02 -0800, Clark Dunson wrote:
> > 1) After using sethostname, GNOME will not start a new terminal.
> 
> This is most likely an /etc/hosts issue with the new name.

Actually it's almost certainly to do with X11 authority (which is
something that existed long before GNOME).

If the OP is still with us, here's an explanation...

If you type "xauth list" you will likely get something of the form:

pixie.comlab/unix:0  MIT-MAGIC-COOKIE-1  12312312312312312312312312312312
localhost.localdomain/unix:0  MIT-MAGIC-COOKIE-1 12312312312312312312312312312312

These are the credentials that X11 clients must supply in order to be
allowed access.  You can turn this security feature off using the xhost
program, but that is strongly disrecommended because then anyone can
start an X11 client that monitors your screen or captures your typing.
(At least you probably have a firewall turned on that prevents access
from other computers, don't you?).  And xhost only works if you already
have access to the X server, so can't be used after the fact.

The Xauthority for local access is done by hostname so that if you
log into different machines with the same home directory (if it is
NFS mounted, for example) then the credentials for those machines
don't clash.  (For network access it uses IP addresses.)

If you change the hostname of your machine then X11 clients are no
longer able to look up your credentials, so access fails.  You ought
to be able to see this if you type "gnome-terminal" at a command line
(assuming you have command line to type it at).

$ gnome-terminal
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

You can fix this with:

$ xauth add newname/unix:0 MIT-MAGIC-COOKIE-1 12312312312312312312312312312312

where the details after "xauth add" are cut-and-pasted from what
"xauth list" reported for your old hostname, but with the new hostname
substituted.

Very recent X servers can get around this issue with

$ xhost +SI:localuser:myusername

but I'm not sure when that was introduced.  It allows any process
owned by "myusername" on the local machine to access the X server
without supplying the Xauthority credentials.

imc

References:
- One more comment (and apology)
  - From: Clark Dunson
- Re: One more comment (and apology)
  - From: Brian J. Murrell

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]