
Xorg-based Linux Desktop Environment (Part 3)

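Overview

This part examines the remote connection and authorization mechanisms of the X Window System.

The following concepts and programs are involved.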

  1. Xsession - initialize X session
  2. xhost - server access control program for X
  3. Xsecurity - X display access control
  4. xauth - X authority file utility

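The local user ypl connects their own X client to the GUI environment that lpy is logged in to.

Background

According to the Xsession documentation, the Xsession startup process includes the following file, whose purpose is to grant the same local user access to the X server.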

/etc/X11/Xsession.d/35x11-common_xhost-local
Give access to the X server to the same user on the local host. If the
xhost command is available, it will use it to allow any process of the
same user running on the local host to access the X server.

The contents of this file are shown below.
All it does is run xhost +si:localuser:$(id -un) to add the current user to the access control list.

# This file is sourced by Xsession(5), not executed.

# If xhost (from x11-xserver-utils) is installed, use it to give access
# to the X server to any process from the same user on the local host.
# Unlike other uses of xhost, this is safe since the kernel can check
# the actual owner of the calling process.

if type xhost >/dev/null 2>&1; then
  xhost +si:localuser:$(id -un) || :
fi

A brief description of the xhost command follows:

NAME
xhost - server access control program for X

SYNOPSIS
xhost [[+-]name ...]

DESCRIPTION
The xhost program is used to add and delete host names or user names to the list
allowed to make connections to the X server. In the case of hosts, this provides
a rudimentary form of privacy control and security. It is only sufficient for a
workstation (single user) environment, although it does limit the worst abuses.
Environments which require more sophisticated measures should implement the user-
based mechanism or use the hooks in the protocol for passing other authentication
data to the server.

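When I read this, I was not sure whether other local users could, without any configuration, connect their own X clients to the X server that the system created when another user logged in.

Attempting a direct connection

Switching to the other user and connecting directly gives the following result, with the error No protocol specified

Granting access with xhost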

Grant

Connecting again

Now the client starts normally.

Reconnect
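
The grant above widens the access control list of lpy's display, so it is worth reviewing what xhost lists afterwards. The following is an added example, not part of the original post: a shell function that reads xhost output and flags every entry other than the session owner's own SI:localuser grant. The function name audit_xhost and the sample output are constructed for illustration, and the entry prefixes assume the usual xhost listing format.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ACL printed by `xhost`.
# Usage on a live session:  xhost | audit_xhost "$(id -un)"
# Prints "<SEVERITY> <entry> <reason>" per finding; returns 1 if any were found.
audit_xhost() {
    _owner="${1:-$(id -un)}"   # the user who owns the X session
    _findings=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _msg=""
        case "$_line" in
            "access control enabled"*|"") ;;   # normal header or blank line
            "SI:localuser:$_owner") ;;         # added by 35x11-common_xhost-local
            "access control disabled"*)
                _msg="HIGH (global) access control is off, any client may connect" ;;
            SI:localuser:*)
                _msg="MEDIUM $_line another local user can connect to this display" ;;
            LOCAL:*)
                _msg="HIGH $_line every local user can connect to this display" ;;
            INET:*|INET6:*)
                _msg="HIGH $_line host-based grant, trusts every user on that host" ;;
            *)
                _msg="INFO $_line unrecognised entry, review manually" ;;
        esac
        if [ -n "$_msg" ]; then
            echo "$_msg"
            _findings=$((_findings + 1))
        fi
    done
    [ "$_findings" -eq 0 ]
}

# Constructed sample: what `xhost` would list after lpy has granted access to ypl.
SAMPLE_XHOST_OUTPUT='access control enabled, only authorized clients can connect
SI:localuser:lpy
SI:localuser:ypl'

audit_xhost lpy <<EOF || echo "review the entries listed above"
$SAMPLE_XHOST_OUTPUT
EOF
```

An entry that is no longer needed can be removed again with the minus form shown in the xhost synopsis above.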