4

The return value of command who will always include root :0 in X Window pts. I guess it actually means the GNOME login. Am I right?

Another question is where to get this knowledge, as I don't see it in the man who, neither in info who.

Example

[root@localhost root]# who
root     :0           Sep 11 06:33 
root     pts/0        Sep 11 06:36     (:0.0)
slm
  • 369,824
user43312
  • 961
  • 1
    What does the command whoami show? Are you logged in as the root user? – slm Sep 11 '13 at 08:36
  • whoami just shows root. Yes I logged in with root. – user43312 Sep 12 '13 at 02:34
  • 1
    Side note: logging in with root, especially to X, is an extremely bad idea. Don't do it. – strugee Sep 12 '13 at 02:59
  • @slm [root@localhost root]# who
    root :0 Sep 11 06:33
    root pts/0 Sep 11 06:36 (:0.0)     – user43312 Sep 12 '13 at 11:25
  • Can you run the who command and put the results in your question? I can't follow the formatting of the output when you paste it in the comments. – slm Sep 12 '13 at 11:30
  • @strugee Thanks for your remind. Though I don't understand it that well. – user43312 Sep 12 '13 at 11:34
  • 1
    Strugee is just saying that the root account shouldn't be logged into as a regular account, you should only use it when you need to do system things directly through su - or sudo -i ...`. Otherwise you should have an account that you use daily as a regular account that doesn't have too many privileges. – slm Sep 12 '13 at 11:47
  • @user43312 the reason is this: let's say you're running Firefox as root under Xorg. Firefox doesn't really need privileges, but since you're giving them to it anyway, the entire machine gets compromised if Firefox is compromised. If you run Firefox under a regular account, then only the data that that account has access to is compromised, instead of the entire system. – strugee Sep 12 '13 at 15:59

2 Answers2

4

See info who (who's Stallman's domain)

If given no non-option arguments, `who' prints the following information for each user currently logged on: login name, terminal line, login time, and remote hostname or X display.

This is X display number (and might be screen number as well, like, 0:0)

Though, it doesn't contain any root for my pseudoterminal X windows. If you're logged in as root, that's probably bad from security point of view.

UPDATE: Display and screen are logical concepts of X windows system. When I say here "screen" or "display" I mean X windows screen or display, not any physical device (who refers to X windows displays and screens, too).

enter image description here

The point of displays is that your computer may run several instances of X server at the same time, then they are said to be run on different displays. E.g. your normal graphical environment can be shown by X server instance 1 at display:0 and you may also have a remote desktop application such as Xephyr or Xnest starting another instance of X server at display:1 and outputting to a single window: see https://superuser.com/questions/363988/display-remote-x-session-complete-desktop-in-one-client-x-window.

X windows system was design to allow X server and X client be separated by the network. For their interaction it relies on Berkley sockets mechanism. Each X server behaves just like a web-server (e.g. Apache) in terms of its interaction with clients. Just like Apache creates TCP/IP sockets to listen to connecting browsers, processes their requests and sends responses, Xorg creates

  • TCP/IP sockets for remote X clients
  • Unix domain sockets for local X clients

It processes their requests to draw onto the display and instead of responses sends events - notifications of user activity (mouse buttons clicked, keyboard keys presses etc.).

Each display corresponds to a separate instance of X Server and there's a convention for TCP/IP port numbers and Unix domain socket names, on which displays should listen. To determine the TCP/IP port number, add 6000 to the display number. For example, Display Number 1 listens on TCP port 6001 (1 + 6000 = 6001). Unix domain sockets for Xorg are typically located in /tmp/.X11-unix/ and named appropriately.

Screens: screens were designed to handle the case, when your computer has several physical monitors, but one X server instance draws its output on both. Then first monitor is said to be screen0 and second monitor to be screen1. Xclients had to choose only 1 screen for themselves. To be honest, I never dealt with that case myself and nowadays its pretty much dead, cause with Xinerama extension you may have one X screen, like 0:0 span to several physical monitors as on the picture at wikipedia.

Community
  • 1
Boris Burkov
  • 3,980
  • Thanks for your security suggestion. Could you clarify the two terms display# and screen#? And I get a :0 only rather than 0:0. And a :0.0 after pts. – user43312 Sep 12 '13 at 02:35
  • As the info who shows, it should include 4 columns, where the last column should be a remote hostname or X display. But my who result just shows only the first 3 columns. – user43312 Sep 12 '13 at 02:38
  • @user43312 I updated my answer with explanation of X concepts. Also, see the answer by slm for good explanation of other parts of your question. – Boris Burkov Sep 12 '13 at 08:15
  • who's Stallman's domain? What do you mean by that? – jcora Sep 12 '13 at 11:59
  • Thanks, Bob and @slm, and many others who answered my question. It is really a task to read all your answers before I thoroughly master it. – user43312 Sep 12 '13 at 13:52
  • @yannbane I mean that who utility is a part of GNU coreutils; GNU = Richard Stallman; Richard Stallman = man hater (tried to force info instead of it by distributing his manuals in info format, thus for who you'd better read info, not man), vi hater ("vivivi, editor of the beast"), the guy who fights FBI/CIA/NSA with GPL and writes manuals at least 10000 lines long and even if you read'em you won't understand a shit ;) – Boris Burkov Sep 12 '13 at 17:08
  • Yeah I know who Stallman is, but I just didn't know that he endorsed info over man. I didn't even know info was a thing. I'll google it. – jcora Sep 12 '13 at 18:31
  • @yannbane Well, here is sort of a proof: http://ereimer.net/rants/infosucks.htm for Stallman and info relationship. I like this part: "info is a solution to a non-problem, a fix to that what aint broke." I admit that "man hater" is overstatement, but he wanted to replace man. – Boris Burkov Sep 12 '13 at 19:07
3

who

When you run the command who it typically shows you output like this:

$ who
saml     tty1         2013-09-06 22:22 (:0)
saml     pts/0        2013-09-06 22:23 (:0.0)
saml     pts/5        2013-09-07 04:28 (:0.0)
saml     pts/9        2013-09-09 01:39 (:0.0)
saml     pts/13       2013-09-10 12:20 (:0.0)
saml     pts/44       2013-09-10 22:50 (:0.0)
saml     pts/78       2013-09-11 14:49 (:0.0)

This is showing me that I'm logged in as user saml, and have one console (tty1) and 6 pseudo terminals (pts). Every time I invoke a shell or open a tab in gnome-terminal that constitutes a pts terminal.

The 4th column

The 4th column tells you 1 of 2 things. If you're locally connected then it omits the hostname and just shows you the display number and the screen number. These are denoted by the 2 digits in the string 0.0 that come after the colon (:). The first digit is the display, the second is the screen.

Display & Screen

Display # and screen # can be a little confusing, but think of it this way. A single computer can have multiple video cards and monitors hanging off of it. These video cards and screens can be setup in such a way that you could drive them all simultaneously and these values allow you to target a specific one when launching applications. In general these are always :0.0, or you'll see the short hand notation of :0.

If this were a remote connection then a hostname would prefix the colon like this: somehost:0.0. This is saying that there is a connection from host somehost's display (0) and screen (0). This is important so that if an GUI based application were invoked within this connection, it would get displayed at this host's display 0 and screen 0.

Further Readings

Much of this information is in the Xserver man page and Xorg man pages.

slm
  • 369,824
  • 1
    @ChrisDown I'm afraid you are confusing display numbers and display names. Both :0 and :0.0 are display names and they represent the very same one. The screen number is just implicitly 0 in the first case and explicitly 0 in the second case so :0 is indeed a shorthand for :0.0. In any case who doesn't need to reports a screen number given the fact all screens belong to the same user session. – jlliagre Sep 12 '13 at 07:09
  • @jlliagre Thanks, retracted. X is one of the things which I have explicitly tried to avoid after having to use Xlib a few years ago. – Chris Down Sep 12 '13 at 11:33
  • 1
    @ChrisDown - yes that is an area that is probably the least understood by most, myself included. – slm Sep 12 '13 at 13:54
  • @ChrisDown I absolutely "adore" those Xorg "documentation" pages scattered all around the internet (including Xorg site) like this one: http://www.rahul.net/kenton/xsites.html. Reminds me of my granny's shed: filled with details of machines, discontinued 20 years ago, cut articles from journals and newspapers, all mixed. – Boris Burkov Sep 12 '13 at 17:19
  • @Bob Xorg has exhausted my patiences on many an occasion. dwm development has been a complete nightmare in some respects, in my opinion, almost always because of Xlib. You can't abstract such a horrible interface anywhere near enough to forget about how terrifying it is. XCB doesn't make me feel much better. – Chris Down Sep 12 '13 at 17:33
  • @ChrisDown this is so sad. As for the Xlib - I never dealt very close with it, except while reading GTK sources, but I don't have a feeling that its concept is deadly flawed. I though that it's so annoying because of hideous implementation. Is that right? Also, is XCB so ugly, too? – Boris Burkov Sep 15 '13 at 21:55