Linux X11 Forwarding with SU Switch User

Smart Panda - Linux Console


Over the years, access is often granted to one of the administrative users, and once we are on the server we have to switch user to another account to do the technical services work. This creates a problem with X11 forwarding, and this is one workaround. X authentication is based on cookies, so the secondary account needs to have access to the same cookies as the original login user.

Here is a nice easy way to do this.  This was done on an AIX 7.1 server:

Before you issue the su or sudo, request the xauth cookies and look for the current DISPLAY that’s connecting to your X server:

$ xauth list

You’ll get something like:

somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae

Then, execute a switch user (su) and add the cookie to that user:

$ xauth add somehost.somedomain:10 MIT-MAGIC-COOKIE-1 4d22408a71a55b41ccd1657d377923ae

(Just copy and paste the output of the above ‘xauth list’ onto ‘xauth add’.) That’s it. Now you _should_ be able to start any X application.
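
As an added example (not code from the original post): the same hand-off done in shell, picking the xauth list entry that belongs to the current DISPLAY and passing the cookie to the other account through a pipe, so the key, which is all a client needs to connect to your forwarded display, does not end up in shell history or the process list. The function names and the use of sudo are assumptions; the sample entries in any test input are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# display_number DISPLAY
# Print N from "localhost:N.S", "host/unix:N" or ":N"; fail if N is not numeric.
display_number() {
    n=${1##*:}          # keep what follows the last colon, e.g. "10.0"
    n=${n%%.*}          # drop the screen suffix, e.g. "10"
    case $n in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$n"
}

# select_cookie DISPLAY   (reads `xauth list` output on stdin)
# Print the first MIT-MAGIC-COOKIE-1 entry for that display number whose key
# is 32 hex digits; exit non-zero if there is none. Protocol case is ignored
# because the page shows the name in both lower and upper case.
select_cookie() {
    n=$(display_number "$1") || return 1
    awk -v n="$n" '
        NF == 3 && $1 ~ (":" n "$") && toupper($2) == "MIT-MAGIC-COOKIE-1" &&
        length($3) == 32 && $3 !~ /[^0-9a-fA-F]/ { print; found = 1; exit }
        END { exit !found }'
}

# share_cookie USER
# Copy the current display's cookie into USER's ~/.Xauthority without typing
# it: "xauth extract -" writes the entry to stdout, "xauth merge -" reads it
# from stdin. Assumes sudo is available; run it BEFORE switching user.
share_cookie() {
    # Refuse to continue if there is no usable entry for this display.
    xauth list | select_cookie "$DISPLAY" >/dev/null || return 1
    xauth extract - "$DISPLAY" | sudo -H -u "$1" xauth merge -
}
```

After share_cookie returns, switch user and keep DISPLAY set to the same value.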

Oracle Database on RHEL 6.5 x86_64

When starting the install of Oracle Database Server there always seem to be a few items that either you are just supposed to know or you spend a day banging your head against the wall trying to figure out what you need to do to get the install up and running.

The first item is creating a database user and group for the install. Do this as the root user:

# groupadd -g 1001 oinstall
# groupadd -g 1002 dba
# useradd -u 1002 -g oinstall -G dba oracle
# passwd oracle

Next, you need to set up X11 forwarding. Modify the /etc/ssh/ssh_config file to allow forwarding: ForwardX11 yes. I personally use BitVise SSH Client and Xming in order to access my SSH environments. In the Xming client, I change the offset to 10 from the default of 0. In the SSH Client, enable X11 Forwarding and set it to

On the Unix box, install the xauth rpm using yum install xauth. Connect as the oracle user (or psoft) and create the xauthority file, command: xauth add . 12345678900987654321123456789009

You should be able to validate that X11 works by running xclock. If you see a clock, you are golden! If you see the error: Warning: Cannot convert string “” to type XftFont, do a yum install xorg-x11-fonts*

Firewalls can be a bit of a problem, and you will want to make sure that the iptables firewall allows the database to talk to machines that will be connecting to the database. In this example is my application server connecting to the database server

-A INPUT -s -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 1521 -j ACCEPT
-A OUTPUT -s -p tcp -m state --state ESTABLISHED -m tcp --dport 1024:65535 --sport 1521 -j ACCEPT

RPMs need to be installed in order to make the install work correctly; you can manually do everything or you can automate it by:

# cd /etc/yum.repos.d
# wget --no-check-certificate
# yum install oracle-rdbms-server-11gR2-preinstall
# wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle --no-check-certificate

RPM Libraries need to be installed in order to make the OUI work:
compat-libstdc++-33-3.2.3 (32 bit)
glibc-2.5-24 (32 bit)
glibc-devel-2.5 (32 bit)
libaio-0.3.106 (32 bit)
libaio-devel-0.3.106 (32 bit)
libgcc-4.1.2 (32 bit)
libstdc++-4.1.2 (32 bit)
libstdc++-devel 4.1.2

X11 Forwarding – SSH using XMING

After many years of working with PeopleSoft I try not to get too worried about the little things, because so much changes every day that you could lose your mind trying to keep track of it all.

I was doing an install of the Oracle Database software on a new RHEL 5.8 server the other day and I could not get my X11 forwarding working. Now I don’t claim to be an expert in SSH and never will be, but I use the Bitvise Tunnelier and then use XMing for the SSH/X11 client software. On this server I had set up the SSH Daemon to run X11 forwarding using the default offset of 10. This basically means that the communication for X11 will be on port 6010 instead of 6000. This means that your display variable will need to be set differently. This is the export command I used:

export DISPLAY=localhost:10.0

In a lot of cases it will just show you 0.0, but because of the offset you need to change it to 10.0 when using the offset of 10. When setting up my SSH connection in Tunnelier, under the terminal tab, you need to enable X11 forwarding, and you will need to change your Display variable appropriately. In my case I was using the offset: 10, so I entered:

Lastly, I found that the XMing client defaults to NO offset, so when I launched XMing, on the first page it asks what the offset should be. Once I changed that to 10, everything started working great.

It should also be noted that if you are using a firewall (in my case iptables) you will want to make sure port 6010 is open correctly if using the ssh-offset 10.

The common error I got with this configuration being wrong was: Windows TCP error code 10061.