I received several replies. Most people make Xvnc SGID root. One
person made /tmp/.X11-unix world writeable. No one noted any security
concerns either way. Thanks for the replies.
I made mine SGID root. Since /tmp uses tmpfs in virtual memory, I
guess I'd need an /etc/rc script that set the permissions each time the system
boots. One person noted that /tmp/.X11-pipe potentially had the same permission
"Patrick L. Nolan" <email@example.com>
"Matthew Stier" <Matthew.Stier@fnc.fujitsu.com>
Hanspeter Roth Bsag <firstname.lastname@example.org>
Frank Velazquez <email@example.com>
--
paul e. bloch, network administrator    phone: +1 541 346 4451
department of computer science          email: firstname.lastname@example.org
1202 university of oregon               fax: +1 541 346 5373
eugene OR 97403-1202 USA
Original question posed on Wednesday, 10 May 2000:
We would like to use VNC in our Solaris 7 environment. The problem is that VNC wants to make a socket in /tmp/.X11-unix which isn't writeable by others.
drwxrwxr-x 2 root root 104 Apr 29 18:54 /tmp/.X11-unix/
There are a couple of relevant answers in the VNC FAQ <http://www.uk.research.att.com/vnc/faq.html>:
Q12 I get errors like "failed to bind listener" and "Failed to establish all listening sockets" in the log file.
This is probably due to the permissions on /tmp/.X11-unix. You may well see this if you update to Solaris 2.7 or Redhat 6.0, for example. See the section below entitled "Why can I only run vncserver/Xvnc as root?".
Q21 Why can I only run vncserver/Xvnc as root?
The most likely reason for this is that Xvnc can't create the unix domain socket (the path for this unix domain socket is usually /tmp/.X11-unix/Xn). Try making sure that users can write to this directory by making it world-writable, i.e.
chmod 01777 /tmp/.X11-unix
An alternative is to set the Xvnc binary to have the same permissions as your normal X server, but this may be more of a security risk.
This problem seems new to Solaris 7 (and exists on Solaris 8 as well). So what do I do? Make /tmp/.X11-unix writeable by others? Make vncserver SGID root? Why did Solaris 7 and (apparently) Redhat 6.0 make this more restrictive? Should I recompile VNCserver to use a different directory? Maybe /tmp/.vnc?
VNC Homepage: <http://www.uk.research.att.com/vnc/>
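
Added example, not part of the original post or the VNC FAQ: a POSIX shell version of the boot-time fix-up the summary mentions for a tmpfs /tmp, applying the FAQ's "chmod 01777" and checking that the sticky bit is actually set, since a world-writable directory without it lets any user remove another user's socket. The function names and the --apply argument are hypothetical; it is meant to be called from an rc script before users can log in.

```shell
#!/bin/sh
# Added example: (re)create the X11 socket directory with mode 01777 at boot.
# Function names and the --apply switch are illustrative, not from the page.

# Classify the permission string that `ls -ld` prints for a directory.
# Character 9 is "other write", character 10 is "other execute / sticky".
classify_dir_mode() {
    case "$1" in
        d???????w[tT]*) echo "world-writable-sticky" ;;     # e.g. drwxrwxrwt
        d???????w?*)    echo "world-writable-no-sticky" ;;  # e.g. drwxrwxrwx
        d*)             echo "not-world-writable" ;;        # e.g. drwxrwxr-x
        *)              echo "not-a-directory" ;;
    esac
}

# Create the directory if needed, set mode 01777, and verify the result.
ensure_x11_socket_dir() {
    dir=$1
    # Refuse a symbolic link: chmod would change whatever it points to.
    if [ -h "$dir" ]; then
        echo "refusing: $dir is a symbolic link" >&2
        return 1
    fi
    # Refuse anything else that is not a directory (regular file, socket).
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir exists and is not a directory" >&2
        return 1
    fi
    [ -d "$dir" ] || mkdir "$dir" || return 1
    chmod 1777 "$dir" || return 1
    # Read the mode back instead of trusting chmod's exit status alone.
    perms=$(ls -ld "$dir" | awk '{print $1}')
    [ "$(classify_dir_mode "$perms")" = "world-writable-sticky" ]
}

# From an rc script: sh this-file --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_x11_socket_dir /tmp/.X11-unix
fi
```

The listing in the original question, drwxrwxr-x, classifies as not-world-writable, which is the state that makes Xvnc fail for ordinary users.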