Jump to content

Quick sudo question


Recommended Posts

Hey guy,

 

As many of you may be aware, there's a problem with running Java apps while using compiz (or at least at the moment for FC6).

 

Anyway, I have set up sudo to allow my user like this:

 

<user>   ALL=(ALL) NOPASSWD: /usr/bin/Xnest

 

The reason I use no pass is because there's more than one command, and the ampersands screw with the password entry:

 

#!/bin/bash
sudo Xnest -ac :1 &
export DISPLAY=:1
metacity &
<app-name> &

 

The ampersands are necessary for this to work (as far as I know), by using NOPASSWD with Xnest am I leaving myself vulnerable? If so can anyone suggest how to ammend the script to get over the ampersand on line 1 from interfering with the password entry for sudo?

 

Cheers

 

EDIT

 

Wrong forum :unsure:, someone move to other distribs please :D

Link to comment
Share on other sites

If you're the only user on the machine, then I wouldn't say it would cause too much of a problem.

 

However, I'd be tempted to put:

 

localhost:1

 

instead. That way, you cannot get commands executed on remote machines when people use xhost to allow access from your machine. I'll explain:

 

I have a machine - 172.20.12.230 for example. I want to redirect X apps on here, to my machine - 172.20.12.17. So, on the server I would do:

 

export DISPLAY=172.20.12.17:0.0

 

to make sure it goes to the X Server I'm running on my laptop. Then on the laptop, I have to tell it to allow the connection:

 

xhost +172.20.12.230

 

to accept the incoming connection. With yours, it looks like it will go to all machines when you just use the ":1".

Link to comment
Share on other sites

Thanks for the tip, inserting localhost into the script works. I do wonder if my code example was misleading though, <user> is actually replaced by my username, there's only one other user, and that's my partner, and she doesn't tend to touch scripts at all. I am still curious though as to whether I can get the script to work with the password though. Anyone know what damage "could" be done, if any with a nested X server?

Link to comment
Share on other sites

I wouldn't have thought any damage, but if nested, then if the X server on 0.0 died, then you might lose the one you created on 0.1 with your script.

 

You can run multiple X servers, but of course, would mean a slow down on the machine, and I'd expect that the xnest is the best, if not the only real easy way to do it without frigging too much config to get them permanently running in multiples.

 

I'm no expert on this, just thinking of how i see it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...