2012-10-25

Granting Root access to all XOrg / X11 Displays on a machine.

Jump here if you just want the code

xauth is hard

There are many techniques for allowing root ( or any other user ) to open programs on your display.

When not configured to do so, simple things don't work, and there are 2 general results you get:

No previous attempt at getting xauth based auth to work

> sudo gvim 
No protocol specified
E233: cannot open display
E852: The child process failed to start the GUI
No protocol specified
                                                                                             
Press ENTER or type command to continue

With Previous attempts at using xauth based auth

Invalid MIT-MAGIC-COOKIE-1 key
E233: cannot open display
E852: The child process failed to start the GUI
Invalid MIT-MAGIC-COOKIE-1 key


This case occurs I believe due to your X display having a unique authentication key per session.

But your display likely stores an Xauthority database somewhere on disk

I discovered this little gem when looking at some of the code VirtualGL/Bumblebee uses ( because it has to run a secret display as a different user, and that different user has to be able to write to your screen )
set_xauth() {

# common case (works in almost all tested environments (except of lightdm)):
XAUTHORITY="$(ps wwax -C X,Xorg -o args= --sort=-stime | grep -m 1 -o '\B[-]auth\s*/var\S*auth\S*' | cut -d ' ' -f 2)"

# kdm and some others:
# XAUTHORITY="$(find /var/run/xauth/A${DISPLAY}-*|tail -n1)"

# gdm:
# XAUTHORITY="/var/gdm/${DISPLAY}.Xauth"

# slim:
# XAUTHORITY="/var/run/slim.auth"

# lightdm:
# XAUTHORITY="/var/run/lightdm/root/${DISPLAY}"

}


And as I'm running kdm I took a look at the relevant command.

$ find /var/run/xauth/A${DISPLAY}-*|tail -n1
/var/run/xauth/A:0-xNjOfc


Aha. Useful.

sudo xauth -f /var/run/xauth/A\:0-xNjOfc  list
#ffff##:  MIT-MAGIC-COOKIE-1  711f067eae4ec73599dc38dbfaa164f0

Oh handy. That hex code is the key you need to access the relevant display :D.

$ xterm
Invalid MIT-MAGIC-COOKIE-1 key
xterm: Xt error: Can't open display: %s
$ xauth add :0 MIT-MAGIC-COOKIE-1 700f067eae4ec73599dc38dbe7a164f1
$ xterm 
$ # success!


Putting it all together

Here's a blob of shell script I have in /root/.bash_profile:
setup_xauth() {
 authfile=$( echo /var/run/xauth/A${DISPLAY}-* );
 if [ -z "${DISPLAY}" ]; then
  return
 fi
 if [ ! -f $authfile ]; then
  return;
 fi
 if [ ! -s $authfile ]; then
  return;
 fi
 authtoken=$( xauth -f "$authfile"  nlist | cut -d" " -f 9 );
 xauth add $DISPLAY MIT-MAGIC-COOKIE-1 $authtoken
}

setup_xauth;


Note, its essential that you check for read access to the file, especially if you plan on using this in a non-root users profile code.

If xauth can't read the authfile, it will just block and do nothing, and this is very bad to have in your profile.

Additionally, due to this being defined as a function, all roots shells will have a convenience function 'setup_xauth' that you can call at any time in the event you've had to change $DISPLAY, or in the event you want to access a local X display from a VT

export DISPLAY=:0
setup_xauth
gvim # gvim launches on :0 

2012-10-11

How to create files with a leading period in the filename with Microsoft Explorer

I have to post this, because this seems a very frequently asked question on the internet, and while there is a straight-forward solution, most people propose bizarre solutions that circumvent the problem by using some other tool.

If you dig deeper, you'll find working solutions in comments, but they're incomplete and its not obvious at first that it even works.

The Problem


The problem is simple: You wish to create a unix-style hidden file, such as ".htaccess" , ".gitignore", or ".netrc", or a unix-style hidden folder, for whatever reason.

While this is not a problem for literally any tool other than Windows Explorer, attempting to do this in Explorer yields the following error:

You must type a file name.
The Windows Explorer "Rename" Dialog showing the error "You must type a file name."

The Solution

Most proponents suggest strange solutions such as using cmd.exe or notepad to do your dirty work,  and even Microsoft Developers seem to think that letting Explorer do this is crazy and suggest using some other tool

However, all that is unnecessary.

All that is required is writing an additional dot ( period ) at the tailing end.

If you wanted '.htaccess', instead, write '.htaccess.'
If you wanted '.gitignore' , instead, write '.gitignore.'

Explorer will silently strip the last dot and give you the file name you wanted, with no fuss.

The Windows Explorer Rename Dialog showing the error "You must type a file name." as a result of the user specifying ".gitignore" as the file name

Windows Explorer prompting the user to confirm they want to change a file name extension, as a result of specifying the filename as ".gitignore."

Windows Explorer showing the successfully renamed file as ".gitignore" after confirming the file extension change, showing how the trailing period has been removed