In the last episode (May 29), Daniel Llewellyn said: > On Fri, May 29, 2009 at 05:17, Chris Mirchandani <novashadow@xxxxxxx> wrote: > > OK, I found one hole in this script. If I ssh in as any user, the script does what it is supposedto do and the DISPLAY variable value is left as set by ssh. However, if I su -l to another userDISPLAY=192.168.11.1:0.0. If I su to the same user without -l the DISPLAY variable value is leftas set by ssh when the initial user was logged in. Any ideas and/or suggestions? > > I wouldn't have said that was a hole "per se", more a "feature" with the > way that `su -l` is designed to work. The point of the -l switch is that > the environment is set from a clean slate when entering the new user > context. This means that any pre-existing DISPLAY variable will be > blanked out along with the rest of the new shell's environment. Then > /etc/profile is run through to set up the initial environment for said new > shell, which will detect the lack of DISPLAY variable and set up the > default (192.168.11.1:0.0). That depends; some systems have a pam_xauth module that preserves $DISPLAY, copies your current xauth key to a file readable by target user, and points $XAUTHORITY at the temp file. Handy when you're su'ing to root to run a graphical installer. -- Dan Nelson dnelson@xxxxxxxxxxxxxxx
