| |
 |
|
|
Linux Forum Index » Linux X » Very strange thing -- Running X programs owned by...
Page 1 of 1
|
| Author |
Message |
| Ignoramus22807... |
 Posted: Mon Aug 04, 2008 4:18 pm |
|
|
|
Guest
|
Since we had much success (performance improvements) by moving the
"corporate server apps" to Linux, the eyes now turn to the "user GUI",
which happens to be very network intensive and even more CPU
intensive. This is not your typical "forms application". This is a app
that uses the computer a lot.
Anyway. Thinking about how to deploy it, I think that it would be
cleaner if the apps were running under a userid different from the
user's own userid.
This way, the user would have his own shit, whatever he wants, and our
corporate apps would live under a separate account and be managed by
our scripts, cron jobs etc, which the user cannot fsck up even if he
wanted to.
The catch, of course, is that these are GUI apps and would run on the
user's desktop, but under the effective user id of the separate
management account, not the user.
The user would have an icon that he could click to bring up the app,
or maybe it would be autostarted from the management account's
crontab.
To get this to work, some sort of magic would need to be done with
"xauth" or some such, does anyone know how to get user A to open a
window on a terminal owned by user B?
Speed is of the essence and using ssh -Y is out of question.
--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/ |
|
|
| Back to top |
|
| Michael C.... |
| Posted: Mon Aug 04, 2008 4:18 pm |
|
|
|
Guest
|
["Followup-To:" header set to alt.os.linux.ubuntu.]
On Mon, 04 Aug 2008 16:18:17 -0500,
Ignoramus22807 <ignoramus22807 at (no spam) NOSPAM.22807.invalid> wrote:
Quote: Since we had much success (performance improvements) by moving the
"corporate server apps" to Linux, the eyes now turn to the "user GUI",
which happens to be very network intensive and even more CPU
intensive. This is not your typical "forms application". This is a app
that uses the computer a lot.
Anyway. Thinking about how to deploy it, I think that it would be
cleaner if the apps were running under a userid different from the
user's own userid.
I'm not sure what you mean by cleaner.
Quote: This way, the user would have his own shit, whatever he wants, and our
corporate apps would live under a separate account and be managed by
our scripts, cron jobs etc, which the user cannot fsck up even if he
wanted to.
This could also be done by storing all data and config files where the
local user is unable to write to them. If you have the source
available for the program(s), you can ignore user config files and
rely on system config files for the app(s) by patching the software.
Quote: The catch, of course, is that these are GUI apps and would run on the
user's desktop, but under the effective user id of the separate
management account, not the user.
So you want to create a security problem? If you run a program as a
different user, everything that program does is done as that user.
Quote: The user would have an icon that he could click to bring up the app,
or maybe it would be autostarted from the management account's
crontab.
To get this to work, some sort of magic would need to be done with
"xauth" or some such, does anyone know how to get user A to open a
window on a terminal owned by user B?
Speed is of the essence and using ssh -Y is out of question.
Good luck, but I think you're barking up the wrong tree.
JMTC,
Michael C.
--
mjchappell at (no spam) verizon.net http://mcsuper5.freeshell.org/
To hell with circumstances; I create opportunities. - Bruce Lee |
|
|
| Back to top |
|
| jebblue... |
| Posted: Mon Aug 04, 2008 6:20 pm |
|
|
|
Guest
|
On Mon, 04 Aug 2008 16:18:17 -0500, Ignoramus22807 wrote:
Quote: To get this to work, some sort of magic would need to be done with
"xauth" or some such, does anyone know how to get user A to open a
window on a terminal owned by user B?
Speed is of the essence and using ssh -Y is out of question.
http://ubuntuforums.org/archive/index.php/t-266443.html
Scroll down to mlind's comment. The users can be regular, not root.
Remember to do a "chmod +r /tmp/display" so userb can read the file.
Maybe usera should also do a "shred -u /tmp/display" after userb has
xauth merged the cookie.
And I did try first, "xhost +userb at (no spam) $HOSTNAME" which was accepted but
did not yield the ability for userb to run an X app.
--
// This is my opinion. |
|
|
| Back to top |
|
| Trevor Best... |
| Posted: Tue Aug 05, 2008 2:00 am |
|
|
|
Guest
|
On Mon, 04 Aug 2008 16:18:17 -0500, Ignoramus22807 wrote:
Quote: To get this to work, some sort of magic would need to be done with
"xauth" or some such, does anyone know how to get user A to open a
window on a terminal owned by user B?
sux
--
A Freudian slip is when you say one thing but mean your mother. |
|
|
| Back to top |
|
| h.stroph... |
| Posted: Tue Aug 05, 2008 3:55 am |
|
|
|
Guest
|
In news:pan.2008.08.05.07.00.05.30012 at (no spam) besty.org.uk,
Trevor Best <newsreply at (no spam) besty.org.uk> typed:
Quote: To get this to work, some sort of magic would need to be done with
"xauth" or some such, does anyone know how to get user A to open a
window on a terminal owned by user B?
sux
It sure does. Better to rewrite the app. to include the necessary security
measures. |
|
|
| Back to top |
|
| Niklaus Kuehnis... |
| Posted: Tue Aug 05, 2008 4:43 am |
|
|
|
Guest
|
In alt.os.linux.ubuntu h.stroph <me at (no spam) privacy.net> wrote:
Quote: In news:pan.2008.08.05.07.00.05.30012 at (no spam) besty.org.uk,
Trevor Best <newsreply at (no spam) besty.org.uk> typed:
To get this to work, some sort of magic would need to be done with
"xauth" or some such, does anyone know how to get user A to open a
window on a terminal owned by user B?
sux
It sure does. Better to rewrite the app. to include the necessary security
measures.
*huh* Nice one.
$ apt-cache search sux
sux - wrapper around su which will transfer your X credentials
--
Niklaus |
|
|
| Back to top |
|
| Mark Hobley... |
| Posted: Tue Aug 05, 2008 5:56 am |
|
|
|
Guest
|
In comp.os.linux.misc Ignoramus22807 <ignoramus22807 at (no spam) nospam.22807.invalid> wrote:
Quote: Anyway. Thinking about how to deploy it, I think that it would be
cleaner if the apps were running under a userid different from the
user's own userid.
The application executable files should belong to root. This way they
are not use modifiable, and the root account is the currently the only
account that is protected by "squashing" over a network file system.
Applications running as root, can drop their privileges to any account
name, and permissions can be configured to allow only certains users to
be able to start and stop them.
I think you need to study users and groups again. You can achieve what
you desire using these mechanisms, I am certain.
Regards,
Mark.
--
Mark Hobley,
393 Quinton Road West,
Quinton, BIRMINGHAM.
B32 1QE. |
|
|
| Back to top |
|
| jebblue... |
| Posted: Tue Aug 05, 2008 6:00 pm |
|
|
|
Guest
|
On Tue, 05 Aug 2008 09:43:23 +0000, Niklaus Kuehnis wrote:
Quote: $ apt-cache search sux
sux - wrapper around su which will transfer your X credentials
That should be better than:
1) "xauth extract"
2) scp to taarget user
3) "xauth merge"
--
// This is my opinion. |
|
|
| Back to top |
|
| |
|
Page 1 of 1
All times are GMT - 5 Hours
The time now is Fri Nov 21, 2008 8:37 pm
|
|