Security

X Auth

xauth(1) is the new way to allow access to your X display. xauth(1) uses tokens (called cookies) to determine if a connection to the X server (eg XFree86) is allowed. These cookies are stored in the /.Xauthority file.

The old xhost(1) way of doing things is deprecated due to lack of security.

You need xauth(1) installed if you want to run graphical programs of a machine to a remote display (for example via X11 over ssh). Under DebianLinux (if you don't already have X installed) you need to

$ apt-get install xbase-clients

To view the individual cookies, you can do

$ xauth list

but you probably don't care about the data.

To run remote X clients, extract your xauth key from the local system, ssh into remote-host and merge it with the xauth information there.

$ xauth extract - $DISPLAY | ssh <remote-host> /usr/X11R6/bin/xauth merge -

Then you can ssh to the remote machine and run, say, an xterm to connect to my local display with a command like

ssh <remote-host> DISPLAY=$DISPLAY /usr/X11R6/bin/xterm &

Of course, you should do ssh-based X forwarding (see ssh(1) and/or SSHNotes for info), but that doesn't always work. xauth also works in other situations where ssh may not.

If your .Xauthority file gets wiped out (for example, your home directory's partition becomes full) then you won't be able to open any new X windows. Even xhost(1) won't help as it needs to authenticate to the Xserver before changing permissions

$ xhost + Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server xhost: unable to open display ":0.0"

The only solution (I've found) is to log out and re-start your X session. However, if you are cunning, you might be able to get the cookie from one of your currently running processes, especially an ssh connection with X forwarding (do xauth list on the remote machine). After getting some free disk space again, use the xauth merge command as above.

Preventing the server from listening for TCP connections

The stock XFree86 startx(1) script assumes that you want X listening on port 6000. On the common standalone desktop machines, this is an unnecessary potential security risk. To disable this behaviour, edit /usr/X11R6/bin/startx, changing the line

serverargs=""

to say

serverargs="-nolisten tcp"

Now when X is started with startx(1), the server will not be listening on any ports.

Mouse hardware support under XFree86

Side buttons on 7-button mice

Mice like the MS Intellimouse Explorer have 5 buttons, besides the wheel, which means a total of 7 buttons as far as XFree86 is concerned. Here's a summary of how to get the extra buttons working, as outlined in the official XFree developer documentation.

Under XFree86 4.2.x and later, add/change settings in your mouse !InputDevice? section of /etc/X11/XF86Config(-4)

Protocol "ExplorerPS/2" # instead of plain "IMPS/2" Options "Buttons" "7" "ZAxisMapping" "6 7"

Verify that it works by using xev(1) and clicking on the various buttons after restarting your display manager (xdm(1)?/gdm(1)?/kdm(1)?/wdm(1)?/...).

You'll probably notice that your mouse wheel doesn't work any more, but the two side buttons act as wheel up/down now. The reason for this is that the application widget sets (eg QT? and GTK) assume buttons 4 and 5 are generated by a wheel, in the same way that they assume a button 3 message was generated by the 3rd mouse button. For some reason the Explorer driver and/or hardware assigns 4 and 5 to the side buttons, and 6 and 7 to the wheel.

To fix this, change the button order

xmodmap -e "pointer = 1 2 3 6 7 4 5"

To have this happen automatically, you could

1. add it to your .xsession or .xinitrc, which only works per user
2. assuming you're using gdm(8), add it to /etc/gdm/!PreSession?/Default which affects everyone using gdm(8)
3. assuming you're using kdm(8)?, add it to ??? - AddToMe

MozillaNotes has examples on how to use these extra buttons for things like going forward/backwards in a browser. Many games also support them.

Using your Keyboard as a mouse

Should you happen to find yourself without a mouse for one reason or another you can use the numpad on your keyboard as a substitute. To enable this feature simply press Shift-!NumLock? (various people report their keyboards' !NumLock? keys even have mouse icons on them - check yours!), which gives you two beeps to signify it's active.

Use 2/4/6/8 as down/left/up/right, respectively. 5 clicks a mouse button, + toggles whether it's the left or right one. * produces a middle-click.

Changing the mouse cursor speed

GNOME and KDE have applets/config settings to change the mouse speed settings. If you prefer to do it manually, or you are running a different window manager/environment, you can use the xset(1) command.

$ xset m 2 4

sets the acceleration to 2 and the threshold to 4. This means that the mouse cursor will be accelerated to double speed when the cursor passes over 4 pixels in a "short time". This means that if you are moving the mouse slow enough (under the threshold), the mouse moves at normal speed, but over the threshold and the cursor is moved faster than normal. The acceleration can be a fraction, eg

$ xset m 5/2 8

will make the cursor go 2.5 times normal speed if the cursor moves over 8 pixels in a short time.

Mouse cursor

Some games on linux (such as Quake2 or BzFlag) don't change the mouse pointer, meaning you get the mouse arrow in the middle of your game.

You can change the shape of the cursor using standard programs that come with XFree86. X also comes with lots of bitmaps for this purpose. The xsetroot(1) program does this. If you give it the -cursor option, the first argument is an xbm to use for the cursor and the second argument is a transparency mask.

A good, minimalist pointer is

$ BMPATH=/usr/X11R6/include/X11/bitmaps $ xsetroot -cursor $BMPATH/opendot $BMPATH/opendot

To restore the cursor back to the original pointer

$ BMPATH=/usr/X11R6/include/X11/bitmaps $ xsetroot -cursor $BMPATH/left_ptr $BMPATH/left_ptrmsk