Léa,
You will need to grant user_2 the x bit on user_1's home directory so that
they can access /home/user_1/.Xauthority. I think most distros set $HOME
permissions to 700, you may try setting it to 711 or adding user_2 to the
user_1 gid and using 710 (depending on your security model).
Cheers,
Bryan
On Fri, Dec 27, 2019 at 11:30 AM Lmhelp1 <lmhe...@orange.fr> wrote:
> Hello Uli,
>
> Thank you for your answer and for the explanations.
>
> "ssh -X user_2@localhost" works fine indeed.
>
> Uli> The problem is access to the xauthority file of user_1
>
> I created a group "simple_users" and put "user_1" and "user_2" in that
> group.
> I changed the owner group of "/home/user_1/.Xauthority" to
> "simple_users" and set permissions to 660.
> > chown user_1:simple_users /home/user_1/.Xauthority
> > chmod 660 /home/user_1/.Xauthority
>
> Then I re-tried the experiment:
>
> user_1> su user_2
> Password:
>
> I don't get the error that I reported in my first post
> (No protocol specified
> xrdb: Resource temporarily unavailable
> xrdb: Can't open display ':50').
>
> Yet, when I run xeyes, I get an error:
>
> user_2> xeyes
> No protocol specified
> Error: Can't open display ':50'
>
> Best regards,
> --
> Léa
>
>
> On 27/12/2019 4:17 PM, Ulrich Sibiller wrote:
> > You are switching users without passing the display authorization
> > cookie. The easiest way to achieve this is probably using ssh: instead
> > of executing "su user_2" call "ssh -X user_2@localhost".
> >
> > The problem is access to the xauthority file of user_1 (the path is
> > stored in the XAUTHORITY environment, usually
> > /home/user_1/.Xauthority.). This file contains the cookie you need to
> > access the display. As user_2 you are not allowed to read that file
> > while as user root you can read it.
> >
> > Uli
> >
> > On Fri, Dec 27, 2019 at 3:45 PM Lmhelp1 wrote:
> >> Hello,
> >>
> >> I am using X2Go under Debian with Openbox.
> >> I have upgraded to Debian Buster, I didn't use to experiment the problem
> >> below with Debian Stretch.
> >> My problem is about running graphical clients (like xeyes, xterm, gvim,
> >> etc.) from a console logged in either as a "simple" user ("user_2"
> >> below) or as "root".
> >> "user_2" cannot run these clients, "root" can.
> >> I would like both of them to be able to run these clients.
> >> Below, is what happens ("user_1" is the user that started the X2Go
> >> session, it is also a "simple" user).
> >>
> >> user_1> su user_2
> >> Password:
> >> No protocol specified
> >> xrdb: Resource temporarily unavailable
> >> xrdb: Can't open display ':50'
> >>
> >> user_2> exit
> >>
> >> user_1> su
> >> Password:
> >> root> xeyes
> >> <OK>
> >>
> >> Can you tell me how to allow "user_1" to run graphical clients like
> >> xeyes, xterm, gvim, etc.?
> >>
> >> Best regards,
> >> --
> >> Léa
> >>
> >> _______________________________________________
> >> x2go-user mailing list
> >> x2go-user@lists.x2go.org
> >> https://lists.x2go.org/listinfo/x2go-user
>
> _______________________________________________
> x2go-user mailing list
> x2go-user@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-user
>
_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user
