[X2Go-User] X2Go, Debian, Openbox - How run graphical clients as a simple user
Lmhelp1
lmhelp1 at orange.fr
Fri Dec 27 18:17:18 CET 2019
Hello Bryan,
Permissions (by default) are 755 for "/home/user_1/"...
Best regards,
--
Léa
On 27/12/2019 6:02 PM, Bryan Roessler wrote:
> Léa,
>
> You will need to grant user_2 the x bit on user_1's home directory so
> that they can access /home/user_1/.Xauthority. I think most distros
> set $HOME permissions to 700, you may try setting it to 711 or adding
> user_2 to the user_1 gid and using 710 (depending on your security model).
>
> Cheers,
> Bryan
>
> On Fri, Dec 27, 2019 at 11:30 AM Lmhelp1 <lmhelp1 at orange.fr
> <mailto:lmhelp1 at orange.fr>> wrote:
>
> Hello Uli,
>
> Thank you for your answer and for the explanations.
>
> "ssh -X user_2 at localhost" works fine indeed.
>
> Uli> The problem is access to the xauthority file of user_1
>
> I created a group "simple_users" and put "user_1" and "user_2" in
> that
> group.
> I changed the owner group of "/home/user_1/.Xauthority" to
> "simple_users" and set permissions to 660.
> > chown user_1:simple_users /home/user_1/.Xauthority
> > chmod 660 /home/user_1/.Xauthority
>
> Then I re-tried the experiment:
>
> user_1> su user_2
> Password:
>
> I don't get the error that I reported in my first post
> (No protocol specified
> xrdb: Resource temporarily unavailable
> xrdb: Can't open display ':50').
>
> Yet, when I run xeyes, I get an error:
>
> user_2> xeyes
> No protocol specified
> Error: Can't open display ':50'
>
> Best regards,
> --
> Léa
>
>
> On 27/12/2019 4:17 PM, Ulrich Sibiller wrote:
> > You are switching users without passing the display authorization
> > cookie. The easiest way to achieve this is probably using ssh:
> instead
> > of executing "su user_2" call "ssh -X user_2 at localhost".
> >
> > The problem is access to the xauthority file of user_1 (the path is
> > stored in the XAUTHORITY environment, usually
> > /home/user_1/.Xauthority.). This file contains the cookie you
> need to
> > access the display. As user_2 you are not allowed to read that file
> > while as user root you can read it.
> >
> > Uli
> >
> > On Fri, Dec 27, 2019 at 3:45 PM Lmhelp1 wrote:
> >> Hello,
> >>
> >> I am using X2Go under Debian with Openbox.
> >> I have upgraded to Debian Buster, I didn't use to experiment
> the problem
> >> below with Debian Stretch.
> >> My problem is about running graphical clients (like xeyes,
> xterm, gvim,
> >> etc.) from a console logged in either as a "simple" user ("user_2"
> >> below) or as "root".
> >> "user_2" cannot run these clients, "root" can.
> >> I would like both of them to be able to run these clients.
> >> Below, is what happens ("user_1" is the user that started the X2Go
> >> session, it is also a "simple" user).
> >>
> >> user_1> su user_2
> >> Password:
> >> No protocol specified
> >> xrdb: Resource temporarily unavailable
> >> xrdb: Can't open display ':50'
> >>
> >> user_2> exit
> >>
> >> user_1> su
> >> Password:
> >> root> xeyes
> >> <OK>
> >>
> >> Can you tell me how to allow "user_1" to run graphical clients like
> >> xeyes, xterm, gvim, etc.?
> >>
> >> Best regards,
> >> --
> >> Léa
> >>
> >> _______________________________________________
> >> x2go-user mailing list
> >> x2go-user at lists.x2go.org <mailto:x2go-user at lists.x2go.org>
> >> https://lists.x2go.org/listinfo/x2go-user
>
> _______________________________________________
> x2go-user mailing list
> x2go-user at lists.x2go.org <mailto:x2go-user at lists.x2go.org>
> https://lists.x2go.org/listinfo/x2go-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20191227/e37bec45/attachment-0001.html>
More information about the x2go-user
mailing list