[mythtv-users] mythtv-setup and X forward

Michael T. Dean mtdean at thirdcontact.com
Sat Aug 25 12:38:28 UTC 2007 

On 08/25/2007 05:05 AM, Justin The Cynical wrote:
> Joacim J wrote:
>   
>> A bit of stupid question...
>> I have a klient and a server both running Kubuntu Feisty.
>> I have now compiled MythTV on the server for running mythbackend but now I
>> need to run mythtv-setup.
>>
>> I have tried running it over VNC but get:
>>
>> ======================================
>> root at frodo:/home/joacim# /usr/local/mythtv_svn_r14230/bin/mythtv-setup
>> Xlib: connection to ":1.0" refused by server
>> Xlib: No protocol specified
>>
>> mythtv-setup: cannot connect to X server :1.0
>> ======================================
>>
>> How can I run this?
>>
>> Is it possible/better to start mythtv-setup from a regular SSH session and
>> in that case how?
>>
>> PS. I would prefer to solve VNC since I need it for other purposes but it's
>> most important to get it running :) DS
>>     
>
> Easy.
>
> Before suing over to root, run:
>
> xhost +
>
> Then su over to root and run the command.
>   

A FAR more secure approach is to /never/ do an "xhost +",
su/sudo/ksu/... to root and execute (once--you'll never have to do it
again on the same machine):

cp ~mythtv/.Xauthority ~

Then run the command (ensuring you specified the proper DISPLAY).

> The X windows system display security in based on user privs more than 
> the machine and display.  The xhost + command turns off the X display 
> security allowing any user on the system (or machine on your LAN) to run 
> a program and have any X output show up on your display.
>   

Exactly. :)

> Of course, the user or machine has to specifically point their display 
> environment variable to your active X display, but it /might/ be 
> something to keep in mind.

The root user has permissions to the local X display, but /must/ have a
protocol specified in his/her/its(?) X Authority configuration.  Once
the protocol is there, the specific value of the key (most likely a MIT
magic cookie) is irrelevant, so after creating a .Xauthority file, root
is good as long as you continue to use the same protocol.

Non-root users, however, must have the current authorization key for the
running display.  And, speaking of which, running mythtv-setup as a
non-root user (same you use for mythbackend) may be a good idea if you
run mythbackend as a non-root user.

Mike

More information about the mythtv-users mailing list