1748122 Members
3323 Online
108758 Solutions
New Discussion юеВ

Re: Xclock not working

 
SOLVED
Go to solution
1221
Advisor

Xclock not working

Hi,

 

I was trying to install oracle on my HP-UX 11.31 machine, the "root" can open Xclock but "Oracle" user cannot open Xclock, display setting is correct.

 

$ export DISPLAY=10.144.110.139:0.0

 

$ echo $DISPLAY

 

$ xclock
Error: Can't open display: 10.144.110.139:0.0

 

10.144.110.139 is my machine's IP, where I have started Xmanager.

 

I opened Xterminal from Xmanager, the root's session can start xclock

 

# xhost
access control disabled, clients can connect from any host
INET:10.144.110.139
INET:192.168.220.1
INET:192.168.106.1


# xclock


# echo $DISPLAY
10.241.16.135:11.0

 

10.241.16.135 is the IP of the server, and this session can open Xclock but Oracle user's session cannot open xclock

 

Thanks in Advance.

 

3 REPLIES 3
1221
Advisor

Re: Xclock not working

$ echo $DISPLAY
10.241.16.135:12.0:0.0

 

$

 

$ xclock
Error: Can't open display: 10.241.16.135:12.0:0.0

Matti_Kurkela
Honored Contributor
Solution

Re: Xclock not working

> # echo $DISPLAY
> 10.241.16.135:11.0

>

> 10.241.16.135 is the IP of the server, and this session can open Xclock

 

Looks like SSH X forwarding is in effect: the $DISPLAY on the remote host is pointing to a X forwarding proxy initiated by sshd, by request of the SSH client. The two-digit display number (11 here) is the clue.

 

The network might be firewalled so that SSH connections from your workstation to TCP port 22 on the server are allowed, but "raw" X11 connections from the server back to TCP port 6000 of your workstation (for DISPLAY 0.0) are being dropped. If that's true, the only way to get a X11 connection is through SSH X forwarding.

 

(That's enforcement of a good security policy, by the way: "raw" X11 is definitely not secure enough by modern standards. It's way too easy to monitor or even manipulate a raw X11 session.)

 

The easiest way around the problem would probably be to just make the SSH connection as the user you ultimately want to be. If you want to run an X11 application as user "oracle", make the SSH connection as "oracle" with the X forwarding enabled, and SSH will automatically handle everything for you.

 

From your problem description, you're logging in as root and then using "su - oracle" or similar to transition to another user account. Am I correct?

 

If that's true, and you need/want to keep doing that, you will need to transfer two things from the root user to the oracle user. You must do this again in each new login session, since these things will be generated dynamically for each session:


  1. the value of the $DISPLAY variable, exactly as the root user has it on the current session. No changing the IP address, no adding ":0.0" at the end. Just make sure the Oracle user gets it exactly as it is.
  2. the ~/.Xauthority file in the root's home directory, or more precisely, the "magic cookie" in it that acts as a X connection key. When the SSH connection was established by the root user, sshd set it up for you - but if you use su or similar commands to switch to another user, you must make the key accessible to the target user.

You don't have to copy root's .Xauthority file to oracle's home directory, although you can do it that way too if you want. If you have the .Xauthority file in some other location, you can use the XAUTHORITY environment variable to tell the X11 applications where it is.

 

Example:

# echo $DISPLAY
10.241.16.135:11.0
# cp $HOME/.Xauthority /var/tmp/root.Xauthority
# chown oracle /var/tmp/root.Xauthority
# su - oracle

[... standard login messages ...]

$ export DISPLAY=10.241.16.135:11.0
$ export XAUTHORITY=/var/tmp/root.Xauthority
$ xclock

 

From your second post:
> $ echo $DISPLAY
> 10.241.16.135:12.0:0.0

 

That is not correct $DISPLAY syntax. This is not going to work.

MK
1221
Advisor

Re: Xclock not working

Thanks for nice explanation,

port 6000 is blocked in the firewall, xclock is working with "X11 forwardng" enabled.