在其他机器上使用Emacs服务器和emacsclient作为其他用户 [英] Using Emacs server and emacsclient on other machines as other users
问题描述
我知道,在现有Emacs会话中调用(start-server)之后,我可以使用 emacsclient -c (在同一台计算机上)创建连接到该服务器的新帧,以便由 emacsclient 创建的每个新帧可以访问同一组共享状态(例如缓冲区)。
我发现的大多数文档都集中在让我快速访问我的本地Emacs用例,所以有两件事我没有看到任何细节:
-
可以
emacsclient -c访问由其他用户启动的Emacs服务器,还是硬连线仅检测由我自己的用户开始的会话? -
Emacs服务器(直接或间接)是否支持远程连接?也就是说,有没有办法设置Emacs(可能涉及SSH),允许调用远程机器上的
emacsclient -c来访问我的Emacs服务器的本地状态?
(如果您还没有猜到,最终我想做的是结合上述两种技术来提供初步的协作编辑支持。)
这是一个现实世界的问题,所以这里是我正在使用的:
- 已经在Emacs中构建必要的功能(23.3 .1,64位)。我可以从标准的Ubuntu存储库扩展到Emacs扩展,但我不想。 (我相信,排除鲁德尔 可悲的是。)
- 没有新用户或用户欺骗。解决方案应该与现有的用户帐户一起使用,用户不能假装是其他用户(例如通过
su或ssh)。
如果有任何区别,机器在私有LAN上,安装了OpenSSH客户端和服务器(并运行),所有用户都可以连接到所有计算机上的自己的帐户,但没有共享文件系统。
那么,有没有人知道Emacs服务器是否可以
- 授予对其他用户的访问权限,或者
- 提供远程访问?
编辑
正如rwb的回答中所说,很清楚通过运行 emacsclient -c 在本地打开的新窗口实际上由Emacs服务器进程的远程创建。也就是说, emacsclient 只是触发服务器中的相关行为。这会导致显示设置不正确的一些问题,因为服务器通常不能访问本地桌面(见下文)。但是,如果我使用以下命令序列,我现在可以连接到远程Emacs会话:
在一个终端中,其中 1.22.333.44 是IP地址 remotehost :
ssh -t -X remotehost \
emacs -nw --eval
'(progn(setq server-host \1.22.333.44\server-use-tcp t)(服务器-start))'
然后在另一个(在同一台机器上):
scp remotehost:.emacs.d / server / server / tmp / server-file
DISPLAY = localhost:10 emacsclient -c -f / tmp / server-file
emacsclient 命令导致远程Emacs服务器(它查找 / tmp / server-file 中的详细信息)打开一个图形Emacs窗口(在本地显示器上),共享状态远程主机上的Emacs会话。
由于远程Emacs服务器是通过 ssh -X 启动的,因此SSH可以通过SSH访问我的本地显示一个假的:10 显示。传递给它的 DISPLAY =:10 (通过 emacsclient )导致在我的本地桌面上打开一个窗口。
尽管上述方法勾画了在远程机器上运行Emacs服务器,使用 emacsclient 本地框,这是非常有限的。实际上,作为一个用户在本地运行服务器和客户端没有太大差别:唯一的区别是服务器现在是远程的,因此可以访问不同的系统资源。
不幸的是,通过 ssh -X 启动是我在另一台机器的X服务器上成功打开窗口的唯一方法:
-
指定基本的
DISPLAY = remote:0无处可见(因为Ubuntu X服务器已启动使用-nolisten tcp选项)。 -
通过SSH连接,然后使用
DISPLAY =:0也失败,但这次只是由于缺乏合适的认证凭据。 (我相信是这样的,反正:错误消息隐含地说没有指定协议/无法打开显示。 )
我认为找到解决第二个问题的方法可能会使我更加接近解决方案。
阅读了 http://comments.gmane.org/gmane.emacs.devel/103350 (从10月25日14:50的帖子开始,大约一半) '开始怀疑Emacs可能是Emacs不能做的一件罕见的事情(即不可能的) -
但是,如果有人有办法为了提供对远程X显示的访问,没有上面的权限错误,我仍然可以劝说....
TL; DR / p>
正如rwb的回答所指出的,上面我的问题是关于Emacs是否可以授予远程访问权限, DS。 Emacs授予对其他用户的访问没有真正的问题( server-use-tcp 和一个合适的服务器文件关心这个):相反的问题是如何允许一台机器上的进程在其他用户的X显示器上打开新的X窗口(具体来说,Emacs运行(start-服务器)需要为通过 emacsclient -c 请求它的用户打开窗口。这个答案超出了这个问题的范围。
替代方案
解决方法,我们使用以下内容:
- machine0:
tmux -S / tmp / shared-tmux-socket new-会话 - machine1..machineN:
ssh -t machine0 tmux -S / tmp / shared-tmux-socket attach
在 / tmp / shared-tmux-socket 。
然后我们在共享终端中运行一个文本模式Emacs。 :-)这确实引发了一些用户欺骗的问题,但至少主持人可以看到客人正在做的一切。
我认为你所要求的是不可能的定义,因为如果你给远程用户不受限制地访问你的Emacs,这就像让远程用户通过ssh访问shell一样多的用户欺骗。为了拼出来,从安全的角度来看,这可能是一个坏主意。
另外,让两个用户访问一个Emacs的结果不如你可能希望。它不是设计同时访问的。这是多年以来,我尝试了,所以事情可能会有一些移动,但是当我做到这一点至少是古怪的。
仍然,我会尝试回答你的问题。
听起来你正在考虑这种背后的原因,因为在网络方面,直觉上,X11显示器是服务器,X11应用程序是客户端。这是令人惊讶的,因为通常显示器是用户本地的,并且应用程序在某些远程服务器上运行。
您可以指示运行的emacs连接到远程显示器使用 Mx make-frame-on-display 打开一个新窗口。为此,该显示的所有者将需要授予您访问权限。
我们将假定 host-l 是运行Emacs的计算机,并且您希望使 host-r 上的显示0的用户可以访问它。请注意,您已经表示您不想使用SSH转发,因此按照此方法将导致所有流量都将通过未加密的网络进行。
首先,make确保显示 host-r:0 正在接受TCP连接。您没有提及您的操作系统,但这可能是Unix上的默认值,可能不在Linux上(出于安全原因)。例如,如果以下提到 -nolisten tcp ,那么您需要更改此配置。
host-r $ ps -ef | grep X
接下来,让host-r的用户运行以下操作,并向您发送输出。请确保警告他们,如果您选择,这将允许您完全控制他们当前的桌面会话。
host- r $ xauth列表$ DISPLAY
host-r / unix:0 MIT-MAGIC-COOKIE-1 01234567890abcdef0123456789abcd
这实际上是显示器的密码。在 host-l 中,将其放在Emacs将能够找到的地方:
host-l $ xauth add host-r:0 MIT-MAGIC-COOKIE-1 01234567890abcdef0123456789abcd
现在输入 Mx make-frame-on-display host-r:0 ,并在远程显示器上弹出Emacs窗口。
I know that after I call (start-server) inside an existing Emacs session I can then use emacsclient -c (on the same computer) to create new frames that connect into that server, so that each new frame created by emacsclient has access to the same set of shared state (e.g. buffers).
Most of the documentation I've found focuses on the "give me fast access to my local Emacs" use case, and so there are two things that I haven't seen any details of yet:
Can
emacsclient -caccess Emacs servers started by other users, or is it hard-wired to detect only sessions started by my own user?Does Emacs server (directly or indirectly) support remote connections? That is, is there some way to set up Emacs (possibly involving SSH) that allows calls to
emacsclient -con remote machines to have access to the local state of my Emacs server?
(In case you haven't already guessed, what I'd ultimately like to do is combine the two techniques above to provide rudimentary collaborative editing support.)
This is a real-world problem, so here's what I'm working with:
- The necessary functionality should be built into Emacs already (23.3.1, 64-bit). I can stretch to Emacs extensions from the standard Ubuntu repositories, but I'd prefer not to. (Which I believe rules out Rudel, sadly.)
- No new users or user spoofing. Solutions should work with the existing set of user accounts, and users must not pretend to be other users (e.g. via
suorssh).
If it makes any difference, the machines are on a private LAN, have OpenSSH clients and servers installed (and running), and all users can connect to (their own account on) all machines, but they have no shared filesystem.
So, does anybody know whether Emacs server can
- grant access to other users, or
- provide remote access?
EDIT
As commented in rwb's answer, it's clear that the new windows being opened locally by running emacsclient -c are actually being created by the remote Emacs server process. That is, emacsclient is simply triggering the relevant behaviour in the server. This causes some issues with incorrect display settings, since the server does not normally have access to the local desktop (see below). However, I can now connect in to a remote Emacs session if I use the following sequence of commands:
In one terminal, where 1.22.333.44 is the IP address of remotehost:
ssh -t -X remotehost \
"emacs -nw --eval
'(progn (setq server-host \"1.22.333.44\" server-use-tcp t) (server-start))'"
Then in another (on the same machine):
scp remotehost:.emacs.d/server/server /tmp/server-file
DISPLAY=localhost:10 emacsclient -c -f /tmp/server-file
The emacsclient command causes the remote Emacs server (which it finds details of in /tmp/server-file) to open up a graphical Emacs window (on the local display) that shares state with the Emacs session on the remote host.
Since the remote Emacs server was started via ssh -X, SSH provides it with access to my local display via a "fake" :10 display. The DISPLAY=:10 passed to it (via emacsclient) thus causes a window to be opened on my local desktop.
Although the approach above does tick the "Run Emacs server on remote machine, connect to it using emacsclient locally" box, it's very limited. In fact, it's not much different to running the server and clients all locally as a single user: the only difference is that the server is now remote, so has access to different system resources.
Unfortunately, launching via ssh -X is the only way I've been able to successfully open a window on a different machine's X server:
Specifying a basic
DISPLAY=remote:0gets nowhere (since Ubuntu X servers are started with the-nolisten tcpoption).Connecting via SSH and then using
DISPLAY=:0also fails, but this time only due to lack of suitable authentication credentials. (I believe that's the case, anyway: the error message cryptically saysNo protocol specified/Can't open display.)
I think that finding a way around the second problem would probably get me a good deal closer to a solution.
Having read the posts at http://comments.gmane.org/gmane.emacs.devel/103350 (starting at the '25 Oct 14:50' post, about half way down) I'm starting to wonder if this might be one of the rare things that Emacs cannot do (i.e. is impossible ;-) ).
However, if anyone does have a way to provide access to remote X displays without the permissions error above, I'm still open to persuasion....
TL;DR
As pointed out by rwb's answer, my questions above about whether Emacs can grant remote access have got things backwards. There's no real problem with Emacs granting access to other users (server-use-tcp and a suitable server-file take care of this): rather the problem is how to allow a process on one machine to open new X windows on other users' X displays (specifically, the Emacs running (start-server) needs to open windows for users who ask it to via emacsclient -c). That answer's beyond the scope of this question.
Alternative solution
As a workaround, we use the following:
- machine0:
tmux -S /tmp/shared-tmux-socket new-session - machine1..machineN:
ssh -t machine0 tmux -S /tmp/shared-tmux-socket attach
with suitable file permissions on /tmp/shared-tmux-socket.
Then we run a text-mode Emacs in the shared terminal. :-) This does raise some user-spoofing questions, but at least the host can see everything that the guests are doing.
I think what you're asking for is impossible by definition, because if you give a remote user unrestricted access to your Emacs, this is just as much "user spoofing" as letting that remote user access a shell via ssh. To spell it out, from a security point of view this is probably a bad idea.
Also, the results of letting two users access one Emacs aren't as good as you might hope. It isn't designed with simultaneous access in mind. It's years since I tried it, so things might have moved on a bit, but when I did it was quirky to say the least.
Still, I'll try to answer your question.
It sounds like you're thinking about this back-to-front, because, counter-intuitively, in network terms, the X11 display is the server, and the X11 application is the client. This is surprising because typically the display is local to the user and the application is running on some remote server.
You can instruct a running emacs to connect to a remote display and open a new window with M-x make-frame-on-display. For this to work, the owner of that display will need to grant you access to it.
We will assume host-l is the computer that is running Emacs, and that you want to make it accessible to a user of display 0 on host-r. Be aware that you've said you don't want to use SSH forwarding, so following this method will cause all traffic will go across the network unencrypted.
First, make sure that display host-r:0 is accepting TCP connections. You don't mention your operating system, but this is probably the default on Unix and probably isn't on Linux (for security reasons). If, for example, the following mentions -nolisten tcp then you'll need to change this configuration.
host-r$ ps -ef | grep X
Next, get the user of host-r to run the following, and send you the output. Be sure to warn them that this will allow you to take complete control of their current desktop session, should you choose.
host-r$ xauth list $DISPLAY
host-r/unix:0 MIT-MAGIC-COOKIE-1 01234567890abcdef0123456789abcd
This is, effectively, the "password" for the display. On host-l, put it where Emacs will be able to find it with:
host-l$ xauth add host-r:0 MIT-MAGIC-COOKIE-1 01234567890abcdef0123456789abcd
Now enter M-x make-frame-on-display host-r:0 and an Emacs window should pop up on the remote display.
这篇关于在其他机器上使用Emacs服务器和emacsclient作为其他用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
