Summary: VNC, Solaris 7 and /tmp/.X11-unix

From: Paul E. Bloch (paul@cs.uoregon.edu)
Date: Fri May 12 2000 - 12:09:17 CDT


I received several replies. Most people make Xvnc SGID root. One
person made /tmp/.X11-unix world writeable. No one noted any security
concerns either way. Thanks for the replies.

I made mine SGID root. Since /tmp uses tmpfs in virtual memory, I
guess I'd need an /etc/rc script that set the permissions each time the system
boots. One person noted that /tmp/.X11-pipe potentially had the same permission
problems.

Replies from:

"Patrick L. Nolan" <pln@razzle.stanford.edu>
"Matthew Stier" <Matthew.Stier@fnc.fujitsu.com>
Hanspeter Roth Bsag <roth@bsag.ch>
Frank Velazquez <frank@hwdev.icn.siemens.com>

-- 
paul e. bloch, network administrator    phone:  +1 541 346 4451
department of computer science          email:  paul@cs.uoregon.edu          
1202 university of oregon               fax:    +1 541 346 5373
eugene OR 97403-1202 USA              

Original question posed on Wednesday, 10 May 2000:

We would like to use VNC in our Solaris 7 environment. The problem is that VNC wants to make a socket in /tmp/.X11-unix which isn't writeable by others.

drwxrwxr-x 2 root root 104 Apr 29 18:54 /tmp/.X11-unix/

There are a couple of relevant answers in the VNC FAQ <http://www.uk.research.att.com/vnc/faq.html>:

Q12 I get errors like "failed to bind listener" and "Failed to establish all listening sockets" in the log file.

This is probably due to the permissions on /tmp/.X11-unix. You may well see this if you update to Solaris 2.7 or Redhat 6.0, for example. See the section below entitled "Why can I only run vncserver/Xvnc as root?".

Q21 Why can I only run vncserver/Xvnc as root?

The most likely reason for this is that Xvnc can't create the unix domain socket (the path for this unix domain socket is usually /tmp/.X11-unix/Xn). Try making sure that users can write to this directory by making it world-writable, i.e.

chmod 01777 /tmp/.X11-unix

An alternative is to set the Xvnc binary to have the same permissions as your normal X server, but this may be more of a security risk.

This problem seems new to Solaris 7 (and exists on Solaris 8 as well). So what do I do? Make /tmp/.X11-unix writeable by others? Make vncserver SGID root? Why did Solaris 7 and (apparently) Redhat 6.0 make this more restrictive? Should I recompile VNCserver to use a different directory? Maybe /tmp/.vnc?

VNC Homepage: <http://www.uk.research.att.com/vnc/>
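
The summary mentions needing a boot-time script to reapply the directory permissions because /tmp is on tmpfs. The following is an added example, not part of the original message or of VNC: a POSIX shell sketch of such an rc script for the world-writable option (mode 01777 from the FAQ). The function names and the X11_DIR variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reapply the X11 socket directory mode at boot.
# X11_DIR, mode_of and ensure_socket_dir are hypothetical names.
X11_DIR="${X11_DIR:-/tmp/.X11-unix}"

# Print the 10-character mode string of a path, e.g. drwxrwxrwt.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create the directory if needed and give it the sticky, world-writable
# mode (01777). Returns 1 if the path is unsafe to touch or the mode
# did not take effect.
ensure_socket_dir() {
    dir="$1"
    # Refuse symlinks: chmod follows the link and would change its target.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir exists and is not a directory" >&2
        return 1
    fi
    [ -d "$dir" ] || mkdir "$dir" || return 1
    # Only root can reset ownership to root:root, as in the listing above.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$dir" || return 1
    fi
    # The sticky bit stops users from removing each other's sockets.
    chmod 1777 "$dir" || return 1
    [ "$(mode_of "$dir")" = "drwxrwxrwt" ]
}

# rc-script style entry point: does nothing unless called with "start".
case "${1:-}" in
    start) ensure_socket_dir "$X11_DIR" ;;
esac
```

The same function can be pointed at /tmp/.X11-pipe, which the summary notes may have the same permission problem.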


