Léa,

You will need to grant user_2 the x bit on user_1's home directory so that they can access /home/user_1/.Xauthority. I think most distros set $HOME permissions to 700, you may try setting it to 711 or adding user_2 to the user_1 gid and using 710 (depending on your security model).

Cheers,
Bryan

On Fri, Dec 27, 2019 at 11:30 AM Lmhelp1 <lmhelp1@orange.fr> wrote:
Hello Uli,

Thank you for your answer and for the explanations.

"ssh -X user_2@localhost" works fine indeed.

Uli> The problem is access to the xauthority file of user_1

I created a group "simple_users" and put "user_1" and "user_2" in that
group.
I changed the owner group of "/home/user_1/.Xauthority" to
"simple_users" and set permissions to 660.
 > chown user_1:simple_users /home/user_1/.Xauthority
 > chmod 660 /home/user_1/.Xauthority

Then I re-tried the experiment:

user_1> su user_2
Password:

I don't get the error that I reported in my first post
(No protocol specified
xrdb: Resource temporarily unavailable
xrdb: Can't open display ':50').

Yet, when I run xeyes, I get an error:

user_2> xeyes
No protocol specified
Error: Can't open display ':50'

Best regards,
--
Léa


On 27/12/2019 4:17 PM, Ulrich Sibiller wrote:
> You are switching users without passing the display authorization
> cookie. The easiest way to achieve this is probably using ssh: instead
> of executing "su user_2" call "ssh -X user_2@localhost".
>
> The problem is access to the xauthority file of user_1 (the path is
> stored in the XAUTHORITY environment, usually
> /home/user_1/.Xauthority.). This file contains the cookie you need to
> access the display. As user_2 you are not allowed to read that file
> while as user root you can read it.
>
> Uli
>
> On Fri, Dec 27, 2019 at 3:45 PM Lmhelp1 wrote:
>> Hello,
>>
>> I am using X2Go under Debian with Openbox.
>> I have upgraded to Debian Buster, I didn't use to experiment the problem
>> below with Debian Stretch.
>> My problem is about running graphical clients (like xeyes, xterm, gvim,
>> etc.) from a console logged in either as a "simple" user ("user_2"
>> below) or as "root".
>> "user_2" cannot run these clients, "root" can.
>> I would like both of them to be able to run these clients.
>> Below, is what happens ("user_1" is the user that started the X2Go
>> session, it is also a "simple" user).
>>
>> user_1> su user_2
>> Password:
>> No protocol specified
>> xrdb: Resource temporarily unavailable
>> xrdb: Can't open display ':50'
>>
>> user_2> exit
>>
>> user_1> su
>> Password:
>> root> xeyes
>> <OK>
>>
>> Can you tell me how to allow "user_1" to run graphical clients like
>> xeyes, xterm, gvim, etc.?
>>
>> Best regards,
>> --
>> Léa
>>
>> _______________________________________________
>> x2go-user mailing list
>> x2go-user@lists.x2go.org
>> https://lists.x2go.org/listinfo/x2go-user

_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user