Securing Xvfb on a multi-user system

Billy Wilson billy_wilson at
Tue Jan 13 14:22:45 PST 2015


I have a question about using Xvfb securely on a multi-user system. We 
are currently using xorg-x11-server-Xvfb-1.10.4-6.el6.x86_64. Our main 
reason for using Xvfb is to accommodate one of our users, whose 
scientific computing software requires an X server for some reason.

My concern is that if the non-privileged user runs the following: `Xvfb 
:1 -screen 0 800x600x24+1`

Any user on the system is able to export DISPLAY=:1 and run programs 
that connect to his dummy X server. I'm aware of auth file and xhost 
mechanisms for access control, but I was wondering how I can have Xvfb 
restrict connections strictly to the user, by default.

In other words: How can I prevent an uninformed user from using the Xvfb 
defaults and opening X to the world?

Billy Wilson

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the xorg mailing list