Wow, copying the .Xauthority to the "separated" user worked! But I'm still thinking that the "separated" user can give out the command:
xinput test 6 and can see what anyone types in via X. On Tue, Mar 3, 2015 at 5:56 PM, Ryan Freeman <[email protected]> wrote: > On Tue, Mar 03, 2015 at 05:51:27PM +0100, someone wrote: > > Hello, > > > > If I: > > > > pkg_add firefox-esr > > > > then I cannot see any separated user for it: > > > > grep -i firefox /etc/passwd > > > > When will OpenBSD have a separated user for the webbrowser by default? > > I think Ted specifically stated that jailing the browser under its own > user was outside the scope of what he was intending to do.. > > > If someone gets in via the webbrowser... it will have the id_rsa, the > > *.kdb, etc. > > > > If it will not be default.... what are the solutions for the people to > > run their webbrowser with another user? > > > > $ su - foo > > Password: > > $ /usr/local/bin/firefox-esr > > Error: no display specified > > $ exit > > echo $DISPLAY > > :0 > > $ su - foo > > Password: > > export DISPLAY=":0" > > $ /usr/local/bin/firefox-esr > > No protocol specified > > No protocol specified > > Error: cannot open display: :0 > > $ > > > > You'll need to copy the .Xauthority file from your main user (the one > running X) to ~foo/.Xauthority > > From there, you can then run X apps as foo and they should work just > fine. > > > Or is X so bad that it's not worth it? Can I run _several X servers_ > > on my notebook (separated from each other)? > > > > Ex.: CTRL+ALT+F2 would bring up the logged in user with it's own X > > server, and CTRL+ALT+F3 another.. > > > > Many thanks,
