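Compared with xhost, xauth is a more secure way of granting authorization.
In principle, an ordinary user must be authorized before using a display. In practice, however, Linux systems are usually preconfigured so that, for the display named by the global DISPLAY environment variable,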
# set | grep -i display
DISPLAY=:0.0
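no user needs to be authorized: running startx automatically creates a .Xauthority file in the user's home directory and completes the authorization, and the user enters X Window without trouble, although this initial step takes a little time. While a display is in use by one user, a lock is created under /tmp; until that user exits, no other user can enter the display.
For a display that is not the one named by the global environment variable, ordinary users have to be authorized in some way so that they can specify that display when entering X Window.
The basic authorization procedure is as follows: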
# xauth -f ~user_a/.Xauthority
xauth: creating new authority file /home/user_a/.Xauthority
Using authority file /home/user_a/.Xauthority
xauth> help
add dpyname protoname hexkey add entry
exit save changes and exit program
extract filename dpyname... extract entries into file
help [topic] print help
info print information about entries
list [dpyname...] list entries
merge filename... merge entries from files
nextract filename dpyname... numerically extract entries
nlist [dpyname...] numerically list entries
nmerge filename... numerically merge entries
quit abort changes and exit program
remove dpyname... remove entries
source filename read commands from file
? list available commands
generate dpyname protoname [options] use server to generate entry
options are:
timeout n authorization expiration time in seconds
trusted clients using this entry are trusted
untrusted clients using this entry are untrusted
group n clients using this entry belong to application group n
data hexkey auth protocol specific data needed to generate the entry
xauth> info
Authority file: /home/user_a/.Xauthority
File new: yes
File locked: no
Number of entries: 0
Changes honored: yes
Changes made: no
Current input: (stdin):1
xauth> generate :0.0
authorization id is 91
xauth> list
taurus/unix:0 MIT-MAGIC-COOKIE-1 0b093c3e6a711d680674235012340652
xauth> add :0.0 MIT-MAGIC-COOKIE-1 0b093c3e6a711d680674235012340652
xauth> info
Authority file: /home/user_a/.Xauthority
File new: yes
File locked: no
Number of entries: 1
Changes honored: yes
Changes made: yes
Current input: (stdin):20
xauth> exit
Writing authority file /home/user_a/.Xauthority
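The entry written above is stored in .Xauthority as a binary record, and any account that can read the file can present the cookie to the X server. The following Python sketch is an added example, not part of the original post: it parses the record layout (a big-endian 16-bit family followed by four length-prefixed fields) and checks the file mode and cookie length. The function names and the two audit rules are assumptions made here, and the sample bytes are constructed from the listing above.

```python
import stat
import struct

FAMILY_LOCAL = 256  # local entries; "xauth list" prints them as host/unix:N
COOKIE = b"MIT-MAGIC-COOKIE-1"
FIELDS = ("family", "address", "number", "name", "data")

def pack_entry(family, address, number, name, data):
    """Serialize one entry: u16 family, then four u16-length-prefixed strings."""
    out = struct.pack(">H", family)
    for field in (address, number, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_xauthority(blob):
    """Parse the bytes of a .Xauthority file into a list of entry dicts."""
    entries, pos = [], 0
    while pos < len(blob):
        values = []
        for i in range(5):  # family, then address, number, name, data
            if pos + 2 > len(blob):
                raise ValueError("truncated .Xauthority entry")
            (word,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if i == 0:
                values.append(word)  # the family is the 16-bit value itself
                continue
            if pos + word > len(blob):
                raise ValueError("truncated .Xauthority entry")
            values.append(blob[pos:pos + word])
            pos += word
        entries.append(dict(zip(FIELDS, values)))
    return entries

def audit(entries, mode):
    """Return findings for the parsed entries and the file's st_mode."""
    findings = []
    if stat.S_IMODE(mode) & 0o077:
        findings.append("authority file is accessible to group or other users")
    for e in entries:
        if e["name"] == COOKIE and len(e["data"]) != 16:
            label = "%s:%s" % (e["address"].decode(), e["number"].decode())
            findings.append(label + " cookie is not 128 bits")
    return findings

# Constructed sample: the single entry from the session above (taurus/unix:0).
SAMPLE = pack_entry(FAMILY_LOCAL, b"taurus", b"0", COOKIE,
                    bytes.fromhex("0b093c3e6a711d680674235012340652"))

if __name__ == "__main__":
    print(parse_xauthority(SAMPLE))
    print(audit(parse_xauthority(SAMPLE), 0o100644))  # constructed mode: world-readable
```

To check a real file, pass its contents and os.stat(path).st_mode to the same two functions.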