[sf-lug] root, X11 8-O (was: GKsu has long been EOLed)
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Mon Feb 18 18:03:53 PST 2019
Yup, ... I quite like, and (sparingly) use (if/as warranted) with
root, ... ssh for relatively simplicity and general applicability,
including remote if/when appropriate.
And ... the bit I showed - don't need any ssh for that, so also
quite handy for the purely local, we don't have/need or want
to fire up ssh (or ssh is some nastily restricted mess that we
can't even use locally at all for some root bit(s)).
Not bad to know both ... "just in case" - even if mostly one's only
using one.
> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: [sf-lug] root, X11 8-O (was: GKsu has long been EOLed)
> Date: Sat, 16 Feb 2019 18:29:49 -0800
> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
>
>> Feel free to comment on the great/horrible security, etc.
>> (dis)advantages to the above approach (and other bits I mentioned about
>> specific X access/permissions) ... and, apologies that I've not already
>> (or at least not recently) looked on Rick's relevant web page to see if
>> that might already be covered there.
>
> Roping in virt-manager for the task isn't covered, but the rest of what
> you mention of messing with the DISPLAY variable and grabbing and
> reusing the MIT magic cookie (traditionally using xauth) is covered --
> because that's the primordial solution, after all.
>
> It was always messy and fiddly enough, especially having to work around
> permission issues, etc., that it inspired creation of all
> of those X11-forwarding wrapper tools (including GKsu), specifically to
> avoid having to think about that stuff and get it right. (ssh -Y
> root at localhost) has the same no-brainer appeal.)
>
> Personally, I like simple and reliable and easy to understand and
> works-everywhere-there's-ssh. ;->
More information about the sf-lug
mailing list