[Bug 2440] New: X11 connection will fail if user's home directory is read-only
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Aug 6 07:56:26 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2440
Bug ID: 2440
Summary: X11 connection will fail if user's home directory is
read-only
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: huieying.lee at oracle.com
Created attachment 2680
--> https://bugzilla.mindrot.org/attachment.cgi?id=2680&action=edit
This patch is to change the location of the XAUTHORITY file from
~/.Xauthority to per session Xauh file in /tmp directory
If a user's home directory is read-only, then X11 connection will be
rejected because of wrong authentication. For example,
$ssh -l hylee_local a-server
Password:
Last login: Wed Aug 5 14:09:42 2015 from 10.132.148.106
/usr/bin/xauth: timeout in locking authority file
/export/home/hylee_local/.Xauthority
hylee_local$/usr/bin/xemacs /tmp/junk
X11 connection rejected because of wrong authentication.
...
The root cause of the problem is because the xauth program (invoked by
sshd) couldn't lock the non-writable the ~/.Xauthority file.
This is a serious problem on Solaris, because a writable home directory
isn't always available for root in an immutable zone.
We have resolved this problem by changing sshd to use a distinct
temporary X authority file for each session. This temporary Xauthority
file will be stored in the /tmp directory and it will be removed when
the session is closed.
Attached is our bug-fix patch file, which applies to OpenSSH6.8p1.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list