how to create .Xauthority file

Hi Geekos!

I am trying to understand how xauth works. Here’S my setup:

I derive a docker container from openSUSE Leap 15.3, to which I’d like to connect using VNC. I install icewm, xdm, xauth, xinit and xorg-x11-server. I also create an ~/.xinitrc file as described by the IceWM manual. As an entrypoint for the container, I defined a script that calls


x11vnc \
    -auth guess \
    -forever \
    -loop \
    -noxdamage \
    -repeat \
    -passwd ${VNC_PASSWD} \
    -rfbport 5900 \
    -create

However, launching that would result in xauth complaining about a missing .Xauthority file. (I set $DISPLAY to be :20.)


 --- x11vnc loop: 1 ---
 --- x11vnc loop: waiting for: 8
passing arg to libvncserver: -passwd
x11vnc version: 0.9.16 lastmod: 2019-01-05  pid: 8
xauth:  file /home/XYZABC/.Xauthority does not exist
-auth guess: failed for display=':20'

That’s kind of alright. I “just” need to get a file for X11 (I guess, maybe I am wrong already on that assumption.)
However, if I try to create one (either by entering the container with “docker exec -ti … bash” or in the Dockerfile), and run anything like

xauth generate localhost:20 . trusted

this will result in

xauth: (argv):1:  unable to open display "localhost:20".

Which is correct as well; in these shells, there is no display. However, there must be a way to generate the file without having a display in the first place. I am a bit stuck here.

Kudos for any insights!

man xauth


       Normally  xauth  is  not used to create the authority file entry in the first place; the
       program that starts the X server (often xdm or startx) does that.

The location of authority file is display manager dependent and is exported to X clients as XAUTHORITY environment variable. Manually generating this file with random content is entirely useless because the only purpose of it is to authenticate X11 client to server, so both X11 server and X11 client must have identical content. Which is why “xauth generate” requires X11 server connection.

x11vnc connects to existing X11 server which means you must already have X11 server running and authority file must already have been generated. You just need to pass the correct file location to x11vnc.

VNC doesn’t need to be running inside the container, unless you want to completely isolate clients running inside. And you can’t just pick a random $DISPLAY, it needs a server with that display setup before you use xauth.

There are topics in this forum, check it out: https://forums.opensuse.org/showthread.php/566277-Forwarding-tmp-X11-unix-X0-and-xauth-cookie-is-not-enough-xhost-is-also-required?highlight=xauth

Also this is a solved problem, check https://github.com/mviereck/x11docker, https://github.com/89luca89/distrobox, etc.

Normally .Xauthority should be owned by the user, not root. Not sure in your environment. I’ve seen .Xauthority ownership change if you log on as root and browse the user’s home. At least in the past.