On 2015-03-03, someone <thisistheone8...@gmail.com> wrote: > Wow, copying the .Xauthority to the "separated" user worked! > > But I'm still thinking that the "separated" user can give out the command: > > xinput test 6 > > and can see what anyone types in via X.
See xauth(1) about generating an untrusted auth token. If you're feeling lazy, enabling ssh X forwarding and using ssh -X user@localhost might be easier, but will be slower.