[gentoo-user] Xauthority and su

[gentoo-user] Xauthority and su

[Helmut Jarausch]

Hi,

when maintaining a machine from remote I sometimes have to switch to
a non-root user (whose password I don't want to know) to try something
out.

For that, I log into that machine by  ssh -Y root@....
Now, how can I switch to user USER such that the X credentials
are copied.
Unfortunately, sux (from X11-misc/sux) doesn't work in that case.
I always get
X11 connection rejected because of wrong authentication.

Are there any means to achieve this?

Many thanks for a hint,
Helmut.

-- 
Helmut Jarausch

Lehrstuhl fuer Numerische Mathematik
RWTH - Aachen University
D 52056 Aachen, Germany

Re: [gentoo-user] Xauthority and su

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 570 bytes --]

On Tue, 06 Apr 2010 11:50:42 +0200 (CEST), Helmut Jarausch wrote:

> when maintaining a machine from remote I sometimes have to switch to
> a non-root user (whose password I don't want to know) to try something
> out.
> 
> For that, I log into that machine by  ssh -Y root@....
> Now, how can I switch to user USER such that the X credentials
> are copied.

If you use key based authentication, you can log in directly as the user
without needing the password.


-- 
Neil Bothwick

Idaho - It's not the end of the world, but you can see it from there.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Xauthority and su

[Jonas de Buhr]

>Hi,
>
>when maintaining a machine from remote I sometimes have to switch to
>a non-root user (whose password I don't want to know) to try something
>out.
>
>For that, I log into that machine by  ssh -Y root@....
>Now, how can I switch to user USER such that the X credentials
>are copied.
>Unfortunately, sux (from X11-misc/sux) doesn't work in that case.
>I always get
>X11 connection rejected because of wrong authentication.
>
>Are there any means to achieve this?

Hi Helmut,

you need to read "man xauth" :)

/jdb

Re: [gentoo-user] Xauthority and su

[Jonas de Buhr]

>>Are there any means to achieve this?
>
>Hi Helmut,
>
>you need to read "man xauth" :)

or maybe this:
http://www.xs4all.nl/~zweije/xauth-6.html#ss6.3

skip the DISPLAY-part if you're using ssh -Y.

/jdb

Re: [gentoo-user] Xauthority and su

[Helmut Jarausch]

On  7 Apr, Jonas de Buhr wrote:
> 
>>>Are there any means to achieve this?
>>
>>Hi Helmut,
>>
>>you need to read "man xauth" :)
> 
> or maybe this:
> http://www.xs4all.nl/~zweije/xauth-6.html#ss6.3
> 
> skip the DISPLAY-part if you're using ssh -Y.
> 

Hi Jonas,
unfortunately, I don't understand your advice.

I do have X11 forwarding configured and I don't have any problems
when working as the same user for which I logged in via ssh -Y.
But if I change the user by using su (doesn't work) or sux (works on
a local machine), Xauthorization fails.

Thanks,
Helmut.


-- 
Helmut Jarausch

Lehrstuhl fuer Numerische Mathematik
RWTH - Aachen University
D 52056 Aachen, Germany

Re: [gentoo-user] Xauthority and su

[Jonas de Buhr]

>Hi Jonas,
>unfortunately, I don't understand your advice.
>
>I do have X11 forwarding configured and I don't have any problems
>when working as the same user for which I logged in via ssh -Y.
>But if I change the user by using su (doesn't work) or sux (works on
>a local machine), Xauthorization fails.

hi,

sorry i was a bit in a hurry.

it's been a while since i looked into this but i think you can add your
users x-magic-cookie to your authorized cookies, your cookie to his
cookies or a new cookie to his cookies and your authorized cookies
(which you can delete later so he doesn't have access to your session
anymore).

from the top of my head i'm not sure which way round it works (maybe
both?) which is why i only advised reading of the manpage ;)

hope this helps,
jdb

Re: [gentoo-user] Xauthority and su

[Jonas de Buhr]

>I do have X11 forwarding configured and I don't have any problems
>when working as the same user for which I logged in via ssh -Y.
>But if I change the user by using su (doesn't work) or sux (works on
>a local machine), Xauthorization fails.

oh wait... maybe the problem is something different? after the "su -"
you also lose the DISPLAY setting which was set after logging in with
"ssh -Y". you should check the DISPLAY variable before and after the su
on the remote machine. 

Re: [gentoo-user] Xauthority and su

[Helmut Jarausch]

On  7 Apr, Jonas de Buhr wrote:
> 
>>I do have X11 forwarding configured and I don't have any problems
>>when working as the same user for which I logged in via ssh -Y.
>>But if I change the user by using su (doesn't work) or sux (works on
>>a local machine), Xauthorization fails.
> 
> oh wait... maybe the problem is something different? after the "su -"
> you also lose the DISPLAY setting which was set after logging in with
> "ssh -Y". you should check the DISPLAY variable before and after the su
> on the remote machine. 
> 
That's the reason why I tried  sux  from x11-misc/sux .
Helmut.

Re: [gentoo-user] Xauthority and su

[Jonas de Buhr]

>> oh wait... maybe the problem is something different? after the "su -"
>> you also lose the DISPLAY setting which was set after logging in with
>> "ssh -Y". you should check the DISPLAY variable before and after the
>> su on the remote machine. 
>> 
>That's the reason why I tried  sux  from x11-misc/sux .

well you will need both. proper authorization and a correct DISPLAY
variable.