Léa, You will need to grant user_2 the x bit on user_1's home directory so that they can access /home/user_1/.Xauthority. I think most distros set $HOME permissions to 700, you may try setting it to 711 or adding user_2 to the user_1 gid and using 710 (depending on your security model).
Cheers, Bryan On Fri, Dec 27, 2019 at 11:30 AM Lmhelp1 <lmhe...@orange.fr> wrote: > Hello Uli, > > Thank you for your answer and for the explanations. > > "ssh -X user_2@localhost" works fine indeed. > > Uli> The problem is access to the xauthority file of user_1 > > I created a group "simple_users" and put "user_1" and "user_2" in that > group. > I changed the owner group of "/home/user_1/.Xauthority" to > "simple_users" and set permissions to 660. > > chown user_1:simple_users /home/user_1/.Xauthority > > chmod 660 /home/user_1/.Xauthority > > Then I re-tried the experiment: > > user_1> su user_2 > Password: > > I don't get the error that I reported in my first post > (No protocol specified > xrdb: Resource temporarily unavailable > xrdb: Can't open display ':50'). > > Yet, when I run xeyes, I get an error: > > user_2> xeyes > No protocol specified > Error: Can't open display ':50' > > Best regards, > -- > Léa > > > On 27/12/2019 4:17 PM, Ulrich Sibiller wrote: > > You are switching users without passing the display authorization > > cookie. The easiest way to achieve this is probably using ssh: instead > > of executing "su user_2" call "ssh -X user_2@localhost". > > > > The problem is access to the xauthority file of user_1 (the path is > > stored in the XAUTHORITY environment, usually > > /home/user_1/.Xauthority.). This file contains the cookie you need to > > access the display. As user_2 you are not allowed to read that file > > while as user root you can read it. > > > > Uli > > > > On Fri, Dec 27, 2019 at 3:45 PM Lmhelp1 wrote: > >> Hello, > >> > >> I am using X2Go under Debian with Openbox. > >> I have upgraded to Debian Buster, I didn't use to experiment the problem > >> below with Debian Stretch. > >> My problem is about running graphical clients (like xeyes, xterm, gvim, > >> etc.) from a console logged in either as a "simple" user ("user_2" > >> below) or as "root". > >> "user_2" cannot run these clients, "root" can. > >> I would like both of them to be able to run these clients. > >> Below, is what happens ("user_1" is the user that started the X2Go > >> session, it is also a "simple" user). > >> > >> user_1> su user_2 > >> Password: > >> No protocol specified > >> xrdb: Resource temporarily unavailable > >> xrdb: Can't open display ':50' > >> > >> user_2> exit > >> > >> user_1> su > >> Password: > >> root> xeyes > >> <OK> > >> > >> Can you tell me how to allow "user_1" to run graphical clients like > >> xeyes, xterm, gvim, etc.? > >> > >> Best regards, > >> -- > >> Léa > >> > >> _______________________________________________ > >> x2go-user mailing list > >> x2go-user@lists.x2go.org > >> https://lists.x2go.org/listinfo/x2go-user > > _______________________________________________ > x2go-user mailing list > x2go-user@lists.x2go.org > https://lists.x2go.org/listinfo/x2go-user >
_______________________________________________ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user