Hello Bryan,
Permissions (by default) are 755 for "/home/user_1/"...
Best regards,
--
Léa
On 27/12/2019 6:02 PM, Bryan Roessler wrote:
Léa,
You will need to grant user_2 the x bit on user_1's home directory so
that they can access /home/user_1/.Xauthority. I think most distros
set $HOME permissions to 700, you may try setting it to 711 or adding
user_2 to the user_1 gid and using 710 (depending on your security model).
Cheers,
Bryan
On Fri, Dec 27, 2019 at 11:30 AM Lmhelp1 <[email protected]
<mailto:[email protected]>> wrote:
Hello Uli,
Thank you for your answer and for the explanations.
"ssh -X user_2@localhost" works fine indeed.
Uli> The problem is access to the xauthority file of user_1
I created a group "simple_users" and put "user_1" and "user_2" in
that
group.
I changed the owner group of "/home/user_1/.Xauthority" to
"simple_users" and set permissions to 660.
> chown user_1:simple_users /home/user_1/.Xauthority
> chmod 660 /home/user_1/.Xauthority
Then I re-tried the experiment:
user_1> su user_2
Password:
I don't get the error that I reported in my first post
(No protocol specified
xrdb: Resource temporarily unavailable
xrdb: Can't open display ':50').
Yet, when I run xeyes, I get an error:
user_2> xeyes
No protocol specified
Error: Can't open display ':50'
Best regards,
--
Léa
On 27/12/2019 4:17 PM, Ulrich Sibiller wrote:
> You are switching users without passing the display authorization
> cookie. The easiest way to achieve this is probably using ssh:
instead
> of executing "su user_2" call "ssh -X user_2@localhost".
>
> The problem is access to the xauthority file of user_1 (the path is
> stored in the XAUTHORITY environment, usually
> /home/user_1/.Xauthority.). This file contains the cookie you
need to
> access the display. As user_2 you are not allowed to read that file
> while as user root you can read it.
>
> Uli
>
> On Fri, Dec 27, 2019 at 3:45 PM Lmhelp1 wrote:
>> Hello,
>>
>> I am using X2Go under Debian with Openbox.
>> I have upgraded to Debian Buster, I didn't use to experiment
the problem
>> below with Debian Stretch.
>> My problem is about running graphical clients (like xeyes,
xterm, gvim,
>> etc.) from a console logged in either as a "simple" user ("user_2"
>> below) or as "root".
>> "user_2" cannot run these clients, "root" can.
>> I would like both of them to be able to run these clients.
>> Below, is what happens ("user_1" is the user that started the X2Go
>> session, it is also a "simple" user).
>>
>> user_1> su user_2
>> Password:
>> No protocol specified
>> xrdb: Resource temporarily unavailable
>> xrdb: Can't open display ':50'
>>
>> user_2> exit
>>
>> user_1> su
>> Password:
>> root> xeyes
>> <OK>
>>
>> Can you tell me how to allow "user_1" to run graphical clients like
>> xeyes, xterm, gvim, etc.?
>>
>> Best regards,
>> --
>> Léa
>>
>> _______________________________________________
>> x2go-user mailing list
>> [email protected] <mailto:[email protected]>
>> https://lists.x2go.org/listinfo/x2go-user
_______________________________________________
x2go-user mailing list
[email protected] <mailto:[email protected]>
https://lists.x2go.org/listinfo/x2go-user
_______________________________________________
x2go-user mailing list
[email protected]
https://lists.x2go.org/listinfo/x2go-user
