SUMMARY: Message Broadcast

From: LLOYD DIPPLE (ldipple@hmiller.com)
Date: Fri Apr 28 1995 - 10:39:58 CDT


original question:

<*>Sun-Managers,
<*>
<*> I am running OpenWindows v3.0. I would like to be able to run a
<*>script that would allow me to display windows on a given sparc station
<*>on the network. Presently I just have the following line in everyones
<*>.login file.
<*>
<*> xhost +
<*>
<*>This works ok but, I think that there should be an entry that I could put
<*>in a file that would allow certian machines to display windows on the
<*>machine.
<*>
<*>for example. I have one computer named ncpro and another named ncpro3
<*>I wnat to be able to display windows on ncpro3 from ncpro. What do I
<*>need to do to ncpro3 to allow ncpro access to do this.

I should have sent a more descripticve example of what I was actually
doing. The xhost + in the .login files was actually xhost +ncpro. I
appoligize for putting xhost +, It seemed to scare some people that I was
doing just xhost +. I apprieciate all of your concerns. Please rest
assured that I would never use just xhost +.

Thanks again to all whom replied.

I would like to thank J. Bern. The example of how to do this with a
script was very usefull.

here are some of the comments that I recieved:

From: Lenny Turetsky <lturetsk%econ.yale.edu%internet.hmiller.com@internet>
Subject: Re: Message Broadcast

Look at xauth(1).

From: Dave Fetrow <fetrow%biostat.washington.edu%internet.hmiller.com@internet>
Subject: Re: Message Broadcast

> This works ok but, I think that there should be an entry that I could put
> in a file that would allow certian machines to display windows on the
> machine.

 No, it doesn't work OK. You have made it possible for EVERYONE ON THE
INTERNET WITH AN X DISPLAY TO READ THE SCREEN. Not a good idea!

 xhost +ncpro

From: "Brian T. Wightman" <wightman%sol.acs.uwosh.edu%internet.hmiller.com@internet>
Subject: Re: Message Broadcast

I would strongly recommend that you do not use xhost + on any machine.
Xhost + allows any machine on the internet to connect to your x terminal,
and also allows them to read or write to any client of that terminal. At
the very least, I would suggest doing

ncpro3% xhost +ncpro

This will only allow all users on ncpro to be able to display (and read)
your (ncpro3) screen. An even safer way is to use xauth, which allows
only the user with an entry in their ~/.Xauthority file that matches the
xconsole's session cookie to attach.

If you want only yourself (the user on console) to be able to display
windows from remote hosts, and you do not share a NFS mounted home
directory with the remote host, then you need to use xauth to extract the
session cookie from the openwindows/X session, and add that to the remote
hosts database (see xauth list and xauth add). If you want everyone on
the remote host to be able to display windows on your (the user on
console) screen, then xhost +remote.host.name is probably sufficient.
Just don't use xhost +. This is asking for trouble if the hosts can be
reached from any other network.

From: bern%penthesilea.uni-trier.de%internet.hmiller.com@internet (Jochen Bern)
Subject: Re: Message Broadcast

*If* you want to do this as root *and* root has complete Access to
every User's Data on all Hosts (another Security Risk, but not a gaping
Hole waiting to swallow you off the Face of the Earth), then write a
Script working along these Lines:

1) Check whether there's OpenWindows running on the Console in the
   first Place
2) If so, get the Owner of /dev/console (which should be the User
   logged into it, or root if there's nobody)
3) setenv XAUTHORITY ~${USER}/.Xauthority
4) setenv DISPLAY ${MACHINE}:0 (note that you need to do this even
   if you're logged into that Machine)
5) Fire up the Window

From: mike_wagner%il.us.swissbank.com%internet.hmiller.com@internet (Mike Wagner)
Subject: Re: Message Broadcast

Yes, instead of xhost + execute the following:

        on ncpro3
                xhost - (This will disable all hosts)
                xhost +ncpro (This will enable only ncpro, no others)

Any further questions type: man xhost.

From: barmar%nic.near.net%internet.hmiller.com@internet
Subject: Re: Message Broadcast

In article <199504211721.AA04348@ergon.hmiller.com> you write:
>for example. I have one computer named ncpro and another named ncpro3
>I wnat to be able to display windows on ncpro3 from ncpro. What do I
>need to do to ncpro3 to allow ncpro access to do this.

Create the file /etc/X0.hosts on ncpro3, and put "ncpro" in it. This file
is the default xhost list.

panic dump??? who is this panic and why are they dumping!!!

-----------------------------------------------------------------
Lloyd E. Dipple MS0152 Internet: ldipple@hmiller.com
Mfg. Engineer, Sys Admin
Herman Miller, Inc.
Holland, MI 49464
-----------------------------------------------------------------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:23 CDT