RE: PCI compliance and shared Linux accounts

  • From: "Jesse, Rich" <Rich.Jesse@xxxxxxxxxxxxxxxxx>
  • To: <Rodd.Holman@xxxxxxxxx>, <henry@xxxxxxxxxxxxxxx>
  • Date: Mon, 24 Oct 2005 14:36:38 -0500

Actually it may not work, depending on how X is setup and the version of
SSH/SSL installed.  I have that problem right now with an older version
of SSH on HPUX.  Even the venerable "xhost +" gaping security hole
workaround didn't work.  You could try doing an "echo $DISPLAY" after
the initial "ssh -X" (or "ssh -Y") and seeing if you can export that
value after the su to oracle, but I doubt that'll work.

One of these days I may have enough time to figure it out...


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Rodd Holman
Sent: Monday, October 24, 2005 2:10 PM
To: henry@xxxxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: PCI compliance and shared Linux accounts

Henry, can you sudo vi and add a line to the top of the 
shell DISPLAY=yourlocalXdisplay:0 and export DISPLAY
That should allow the sudo command to work through the ssh X tunnel.


Other related posts: