Accessing X11 Display

por | 7 abril, 2015

Accessing X11 Display

The X server controls which clients can access the server. Clients with access to the server can display windows or images on your screen, receive keyboard input, monitor mouse movement, and interact with the other clients on the system. The Trusted Extensions feature of Oracle Solaris adds security features to prevent labeled clients from accessing the X11 display beyond their security range. For more information, see the Trusted Extensions Label Administration.

By default, the Oracle Solaris Desktop is configured to grant access to the X server and clients run by the user by storing a randomly generated cookie value in a file. The client applications require this value to open a new connection to the X server. This value is stored in the file referenced by the $XAUTHORITY environment variable, which is set automatically by the GNOME Display Manager when you start your session. If you start applications from other display environments, you might need to copy the $XAUTHORITY variable to that environment before clients can be started to authenticate.

For detailed information about the X11 display access, see the xhost(1), xauth(1), and Xsecurity(5) man pages.

Providing Other User Accounts With Access to Your Display

To allow another user ID on the local system to access your display, use the si:localuser option of the xhost(1) command.

The following example shows how to configure your user account with the correct rights profile and run the SMF Services Visual Panels user interface.

Example 12-2 Allowing the root Account to Display GUIs

[email protected]:~$ xhost +si:localuser:root
[email protected]:~$ su 
Password: 

/**Visual Panel GUI**/
# /usr/bin/vp svcs

Note – If you use the su command to reset the environment variables, you will need to set the DISPLAY environment variable in the su session to match the DISPLAY variable set in the original user’s environment.

[email protected]:~$ xhost +si:localuser:root
    [email protected]:~$ echo $DISPLAY
:11

[email protected]:~$ su
Password:

# export DISPLAY=:11
# /usr/bin/vp svcs