[Techtalk] root/.xauthSYI7C2 and 20 more just like it

Rasjid Wilcox rasjidw at openminddev.net
Mon Nov 24 19:38:19 EST 2003 

On Monday 24 November 2003 12:12, ed orphan wrote:
> Could someone tell me where these files comes from
> and what they do? I'm running Linux Red Hat 7.3
> and I have about 20 of these files under root:
>   /root/.xauthxxxxxx
>  I read a few of them and they all seem to be
> more or less the same one line with a lot of gibberish:
>   blah blah localhost.localdomain blah blah MIT-MAGIC-COOKIE-1
>   blah blah blah
> What's an MIT-MAGIC-COOKIE-1 ?  Where do they
> come from and what do they do?

I can't claim to know the full and gory details, but it is part of the X 
authentication and security process.

Basically, with a standard setup, each X session has a 'magic cookie' that, in 
theory, only the owner of that particular X session has access to, and that 
you need to connect to a particular X session.

One of the differences I have noticed between RedHat and SuSE, is that with 
RedHat the users magic cookie's are also copied into the root directory.

With RedHat, I can
$ su root
# xcdroast
and it will work.

On SuSE, however:
$ su root
# xcdroast
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
Gtk-WARNING **: cannot open display: :0

I can fix this by grabbing my normal users magic cookie, and copying it into 
root's home directory.
# cp /home/rasjidw/.Xauthority /root
# xcdroast
now works.

Note that this will only keep working for that current Xsession.  (If root 
will always be logging on as a known ordinary user first, then you could set 
up a symlink.)

Anyway, the point is that Redhat hides all this from you.  With RedHat, root 
can always display a program on any users X session.  The way it does this is 
by automatically creating those magic cookies in /root.  And clearly it 
doesn't always clean up afterwards.

Someone who knows more about Xsecurity could give a more authoratitive answer, 
but I don't have any reason to believe that those left over cookies are a  
big problem.  OTOH, deleting any older than the last time you logged on will 
definitely not cause a problem, and may be a good thing.  Deleting all of 
them will mean that root will not be able to run an X based program, until of 
course root grabs the current cookie, or you disable security checking by 
running
$ xhost +localhost (as your normal user, not root!)
or the next time you log in (and Redhat's process create a new cookie for 
root).

From memory, Redhat uses a slightly random name for each cookie (to avoid the 
clashes in /root that would result otherwise), so the straight copy of 
.Xauthority given above for SuSE will not work.  (OTOH, in general it does 
not need to.)

Also see:
man Xsecurity
man Xhost
man Xauth

I hope this make things a bit clearer.

Cheers,

Rasjid.

-- 
Rasjid Wilcox
Canberra, Australia (UTC +10 hrs)
http://www.openminddev.net

More information about the Techtalk mailing list