$XAUTHORITY should move into $XDG_RUNTIME_DIR
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lightdm (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
Historically, the X authority file was placed into $HOME/.Xauthority such that X11 clients on remote servers could access it in environments in which $HOME is located on a network file system.
Today, this practice has become an anachronism that causes far more problems than it solves:
a) Remote X11 clients are typically started today via "ssh -X", which emulates its own X11 server port $DISPLAY and therefore always creates its own X authority file entry on the remote server. Therefore, there is no longer any practical benefit from having the X authority file located in $HOME.
b) If $HOME is on a network file system that implements "root squash", then commands such as "sudo xterm" or "sudo wireshark" won't work to start an X client with root privileges, as root is not able to read ~/.Xauthority via NFS. :-(
c) If $HOME is on a network file system with Kerberos authentication, then users can easily get locked out by their screensavers once the Kerberos ticket expires. This is because some screen lockers (e.g., gnome-screensaver) invoke a separate utility (e.g., /usr/lib/
Both b) and c) are regular reasons for support requests in educational/
The solution is simple. Instead of $HOME/.Xauthority, just use in future $XDG_RUNTIME_
According to https:/
On modern Linux systems, pam_systemd usually creates XDG_RUNTIME_
(Note that according to https:/
Feature request: please provide an option for LightDM to do the equivalent of
export XAUTHORITY=
chmod +t $XAUTHORITY
and encourage Linux distribution maintainers to set this option by default, such that ~/.Xauthority is no longer used.
Changed in lightdm (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Medium |
As a workaround, install the attached shell script as
/etc/ X11/Xsession. d/10local- xauthority
It uses xauth to merge ~/.Xauthority into $XDG_RUNTIME_ DIR/xauthority and then updates XAUTHORITY to point at that location.
(Note that the "xauth merge" command will leave a warning such as "xauth: file /run/user/ 1597/xauthority does not exist" in ~/.xsession- errors. )
In the long run, it would of course be more elegant if LightDM (and other display managers) created the X authority file there in the first place.