<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><tt>Hello Bryan,</tt><tt><br>
</tt><tt><br>
</tt><tt>Permissions (by default) are 755 for "</tt><tt><tt>/home/user_1/"</tt>...</tt><tt><br>
</tt><tt><br>
</tt><tt>Best regards,</tt><tt><br>
</tt><tt>--</tt><tt><br>
</tt><tt>Léa</tt><tt><br>
</tt></p>
<tt><br>
</tt>
<div class="moz-cite-prefix"><tt>On 27/12/2019 6:02 PM, Bryan
Roessler wrote:</tt><tt><br>
</tt></div>
<blockquote type="cite"
cite="mid:CADjPr8QOXHbi=vVFQ7urAH5jHiwC_DKoHpytqHyd3pgqo3kPYw@mail.gmail.com">
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><tt>Léa,</tt></div>
<div><tt><br>
</tt></div>
<div><tt>You will need to grant user_2 the x bit on user_1's
home directory so that they can access
/home/user_1/.Xauthority. I think most distros set $HOME
permissions to 700, you may try setting it to 711 or
adding user_2 to the user_1 gid and using 710 (depending
on your security model).</tt><tt><br>
</tt></div>
<div><tt><br>
</tt></div>
<div><tt>Cheers,</tt></div>
<div><tt>Bryan</tt><tt><br>
</tt></div>
</div>
<tt><br>
</tt>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr"><tt>On Fri, Dec 27, 2019 at
11:30 AM Lmhelp1 &lt;</tt><tt><a
href="mailto:lmhelp1@orange.fr" moz-do-not-send="true">lmhelp1@orange.fr</a></tt><tt>&gt;
wrote:</tt><tt><br>
</tt></div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><tt>Hello Uli,</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
Thank you for your answer and for the explanations.</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
"ssh -X user_2@localhost" works fine indeed.</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
Uli> The problem is access to the xauthority file of
user_1</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
I created a group "simple_users" and put "user_1" and
"user_2" in that </tt><tt><br>
</tt><tt>
group.</tt><tt><br>
</tt><tt>
I changed the owner group of "/home/user_1/.Xauthority" to
</tt><tt><br>
</tt><tt>
"simple_users" and set permissions to 660.</tt><tt><br>
</tt><tt>
> chown user_1:simple_users /home/user_1/.Xauthority</tt><tt><br>
</tt><tt>
> chmod 660 /home/user_1/.Xauthority</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
Then I re-tried the experiment:</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
user_1> su user_2</tt><tt><br>
</tt><tt>
Password:</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
I don't get the error that I reported in my first post</tt><tt><br>
</tt><tt>
(No protocol specified</tt><tt><br>
</tt><tt>
xrdb: Resource temporarily unavailable</tt><tt><br>
</tt><tt>
xrdb: Can't open display ':50').</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
Yet, when I run xeyes, I get an error:</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
user_2> xeyes</tt><tt><br>
</tt><tt>
No protocol specified</tt><tt><br>
</tt><tt>
Error: Can't open display ':50'</tt><tt><br>
</tt>
<tt><br>
</tt><tt>
Best regards,</tt><tt><br>
</tt><tt>
--</tt><tt><br>
</tt><tt>
Léa</tt><tt><br>
</tt>
<tt><br>
</tt>
<tt><br>
</tt><tt>
On 27/12/2019 4:17 PM, Ulrich Sibiller wrote:</tt><tt><br>
</tt><tt>
> You are switching users without passing the display
authorization</tt><tt><br>
</tt><tt>
> cookie. The easiest way to achieve this is probably
using ssh: instead</tt><tt><br>
</tt><tt>
> of executing "su user_2" call "ssh -X
user_2@localhost".</tt><tt><br>
</tt><tt>
></tt><tt><br>
</tt><tt>
> The problem is access to the xauthority file of
user_1 (the path is</tt><tt><br>
</tt><tt>
> stored in the XAUTHORITY environment, usually</tt><tt><br>
</tt><tt>
> /home/user_1/.Xauthority.). This file contains the
cookie you need to</tt><tt><br>
</tt><tt>
> access the display. As user_2 you are not allowed to
read that file</tt><tt><br>
</tt><tt>
> while as user root you can read it.</tt><tt><br>
</tt><tt>
></tt><tt><br>
</tt><tt>
> Uli</tt><tt><br>
</tt><tt>
></tt><tt><br>
</tt><tt>
> On Fri, Dec 27, 2019 at 3:45 PM Lmhelp1 wrote:</tt><tt><br>
</tt><tt>
>> Hello,</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> I am using X2Go under Debian with Openbox.</tt><tt><br>
</tt><tt>
>> I have upgraded to Debian Buster, I didn't use to
experience the problem</tt><tt><br>
</tt><tt>
>> below with Debian Stretch.</tt><tt><br>
</tt><tt>
>> My problem is about running graphical clients
(like xeyes, xterm, gvim,</tt><tt><br>
</tt><tt>
>> etc.) from a console logged in either as a
"simple" user ("user_2"</tt><tt><br>
</tt><tt>
>> below) or as "root".</tt><tt><br>
</tt><tt>
>> "user_2" cannot run these clients, "root" can.</tt><tt><br>
</tt><tt>
>> I would like both of them to be able to run these
clients.</tt><tt><br>
</tt><tt>
>> Below, is what happens ("user_1" is the user that
started the X2Go</tt><tt><br>
</tt><tt>
>> session, it is also a "simple" user).</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> user_1> su user_2</tt><tt><br>
</tt><tt>
>> Password:</tt><tt><br>
</tt><tt>
>> No protocol specified</tt><tt><br>
</tt><tt>
>> xrdb: Resource temporarily unavailable</tt><tt><br>
</tt><tt>
>> xrdb: Can't open display ':50'</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> user_2> exit</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> user_1> su</tt><tt><br>
</tt><tt>
>> Password:</tt><tt><br>
</tt><tt>
>> root> xeyes</tt><tt><br>
</tt><tt>
>> &lt;OK&gt;</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> Can you tell me how to allow "user_1" to run
graphical clients like</tt><tt><br>
</tt><tt>
>> xeyes, xterm, gvim, etc.?</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> Best regards,</tt><tt><br>
</tt><tt>
>> --</tt><tt><br>
</tt><tt>
>> Léa</tt><tt><br>
</tt><tt>
>></tt><tt><br>
</tt><tt>
>> _______________________________________________</tt><tt><br>
</tt><tt>
>> x2go-user mailing list</tt><tt><br>
</tt><tt>
>> </tt><tt><a
href="mailto:x2go-user@lists.x2go.org" target="_blank"
moz-do-not-send="true">x2go-user@lists.x2go.org</a></tt><tt><br>
</tt><tt>
>> </tt><tt><a
href="https://lists.x2go.org/listinfo/x2go-user"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.x2go.org/listinfo/x2go-user</a></tt><tt><br>
</tt>
</blockquote>
</div>
</div>
</blockquote>
<tt><br>
</tt>
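<p>An added example, not part of the original thread or of X2Go: a small Python check that walks the path to an authority file and reports the first mode bit that would stop a second user, for the home-directory modes mentioned in the thread (700, 710, 711, 755) with the file at 660. The temporary directory standing in for /home and the second uid are constructed; ACLs and root are not modelled.</p>

```python
import os
import stat
import tempfile

def applicable_bits(st, uid, gids):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def first_blocker(path, uid, gids, root=os.sep):
    """Walk root -> path; return (component, reason) for the first denial, else None."""
    # Classic mode bits only: ACLs, capabilities and uid 0 are ignored.
    parts = os.path.relpath(path, root).split(os.sep)
    current = root
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        bits = applicable_bits(os.stat(current), uid, gids)
        if i < len(parts) - 1:
            if not bits & 1:
                return (current, "directory lacks x (search)")
        elif not bits & 4:
            return (current, "file lacks r")
    return None

def demo():
    """Constructed sandbox: a temp dir stands in for /home; no real accounts are touched."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "user_1")
        xauth = os.path.join(home, ".Xauthority")
        os.mkdir(home)
        open(xauth, "wb").close()
        os.chmod(xauth, 0o660)                      # file mode used in the thread
        st = os.stat(xauth)
        user_2 = st.st_uid + 1                      # hypothetical second uid
        out = {}
        for mode in (0o700, 0o710, 0o711, 0o755):   # home modes named in the thread
            os.chmod(home, mode)
            member = first_blocker(xauth, user_2, {st.st_gid}, base)
            outsider = first_blocker(xauth, user_2, set(), base)
            out[mode] = (member and member[1], outsider and outsider[1])
        return out

if __name__ == "__main__":
    for mode, (member, outsider) in demo().items():
        print(oct(mode), "group member:", member or "ok", "| outsider:", outsider or "ok")
```

<p>On a real system, call <tt>first_blocker</tt> with the path from <tt>$XAUTHORITY</tt> and the uid and group ids printed by <tt>id</tt> for the second user.</p>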
</body>
</html>