s i s t e m a o p e r a c i o n a l m a g n u x l i n u x | ~/ · documentação · suporte · sobre |
Next
Previous
Contents
10. Advanced X UsageThere's a lot to learn about X, a lot of info buried in the inscrutible land of man pages, a lot of things most folks don't bother reading. Some if it is rather important, and it's easy to make some mistakes, and get completely stuck. It can be much harder to build a program in X, or check the security of X, or many other things, because X and all the things that run on top of it are so vast. This section is an attempt to cover some of the more advanced and confusing situations that may arise.
10.1 Libraries and Compiling X ApplicationsSooner or later you will have to deal with compiling applications of your own. Later, if you just installed a nice distribution of linux, and are happy with what you've got, sooner, if you're the kind of person who likes to tinker and install. Remember, this is a privilege, not a right, so have fun with it! First, a few pointers on compiling programs with X. Many newer
applications, GNU applictions in particular, come with a script in the
root directory called configure. This assumes of course that
you've extracted the file and are in the directory. This program should
be run as You may have to do a little more tinkering if you do not have a
configure script available. Many X programs require you to run
a
program to make the Makefile, called Sometimes you will have run the configure script, and have been warned that you lack a library that would be helpful or necessary to properly use that application. For instance, I recently installed the xscreensaver application, and found that it would support several 3D modes if the Mesa library was installed. If you run into this situation and want that library installed, the first thing you should do is check the CD or installation media for your Linux distribution to see if you have the library on there. That may save you lots of trouble trying to compile the library. Once you get a library compiled and installed and ready to use, you can
go
back to the directory you were installing your X program from, remove
the
10.2 Basic X SecurityIt has often been said that X has a very simple security model: All or Nothing. This is not much of an exaggeration at all. X can be configured to use somewhat sophisticated security, via encryption, but that is beyond the scope of this HOWTO (for the present). It is assumed that the user is not using any encryption for this discussion. First of all, you should try and follow some simple rules when you're
compiling programs for X (or for any reason, really). Try not to
become root any more than necessary. Configure your programs as a
normal user with the The next thing to think about is running X software as root. Realize that X is more or less inherently insecure, and if your primary concern for a particular Linux box is security, you really don't want to install X at all! Having said that, some folks want to run nice fancy configuration programs or package management tools in X. I do not recommend starting X as root. It's just not a good idea. There's much, much better ways to do these things! If you want to run an X application as root, just log in under your
normal user account, and launch it from there. As I mentioned above,
you don't want to be logged in as root any more than absolutely
necessary. The root user has the ability to do just about anything on
the system, including about a million ways to destroy it
completely. Simply go to your xterm or such application and
type in a command such as Tomasz Motylewski also offers the following tip for ssh and ssh-agent lovers. If you put the following in your /usr/X11R6/lib/xinit/Xclients file:
That is, replace your standard It should be noted that this is a suggestion from the reader, and the
author has no experience with ssh at the present, so proceed
at
your own risk! More recent Linux distributions allow for setting up
ssh automatically, via
10.3 More About X AuthorityThe mysteries of user authentication in X are a prime example of the security problems many users encounter with X. Tomasz Motylewski relates the following story, which sums up the situation quite well. ``...in the default XFree86 configuration X session started by ``startx'' accepts commands from everyone connecting from localhost. If you start X as user1 and you have user2 remotely logged in, user2 has full access to your keyboard and desktop (once my friend played a joke on me and put in his cron commands dumping my X desktop image and sending to him every hour). I did not notice it for 2 weeks!'' Well that's not exactly a good thing, but unfortunately many readers have this exact problem. Tomasz goes on to point out that if you use xdm to log in (as detailed earlier in this HOWTO), rather than just running startx, this won't be a problem because access is controlled by the xauth program. By issuing the xhost command, you can see who is allowed access to your X session. Any user from the hosts that are listed in the output of the xhost command is authorized full access to your screen and keyboard. If you want to start your X server in a secure fashion from the command
line, you will need to make the following modifications to your
configuration. First, modify startx (probably at
/usr/X11R6/bin/startx) by changing the last line Then you will also need to edit your .xinitrc or your system-wide /usr/X11R6/lib/xinit/xinitrc (whichever you are actually using, probably the one in your home directory), by adding this at the beginning of the file:
Always be sure and run xhost to check the security that you have configured, to make sure everything is working correctly.
Next Previous Contents |