X11-forwarding after su - SSH

This is a discussion on X11-forwarding after su - SSH ; Hi, if I do ssh -Y root@yourbox and then su - and then start an X application, I get X11 authentication errors. What can I do to test an X-application under a non-root user. (I don't know and don't want ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: X11-forwarding after su

  1. X11-forwarding after su

    Hi,

    if I do

    ssh -Y root@yourbox

    and then

    su -

    and then start an X application,

    I get X11 authentication errors.

    What can I do to test an X-application under a non-root user.
    (I don't know and don't want to know the passwords of my users)

    Many thanks for a hint,

    Helmut Jarausch
    RWTH Aachen University
    Germany

  2. Re: X11-forwarding after su

    Helmut Jarausch schrieb:
    > Hi,
    >
    > if I do
    >
    > ssh -Y root@yourbox
    >
    > and then
    >
    > su -
    >
    > and then start an X application,
    >
    > I get X11 authentication errors.



    simply try ssh -X
    or ssh -Y

    and then start the X application. With this, you can avoid problems with
    xauth. Otherwise you should read man xauth and have a look at some
    information how to transfer the mit-magic-cookie to the user
    . I found some information at the debian documentation some
    time ago, but i lost the links.


    >
    > What can I do to test an X-application under a non-root user.
    > (I don't know and don't want to know the passwords of my users)


    You are only root at your system?

    >
    > Many thanks for a hint,
    >
    > Helmut Jarausch
    > RWTH Aachen University
    > Germany


    Wolfgang

  3. Re: X11-forwarding after su

    Wolfgang Meiners wrote:
    > Helmut Jarausch schrieb:
    >> Hi,
    >>
    >> if I do
    >>
    >> ssh -Y root@yourbox
    >>
    >> and then
    >>
    >> su -
    >>
    >> and then start an X application,
    >>
    >> I get X11 authentication errors.

    >
    >
    > simply try ssh -X
    > or ssh -Y


    But then I have to provide the password of YourLogin
    which I don't know!

    > and then start the X application. With this, you can avoid problems with
    > xauth. Otherwise you should read man xauth and have a look at some
    > information how to transfer the mit-magic-cookie to the user
    > . I found some information at the debian documentation some
    > time ago, but i lost the links.
    >
    >
    >> What can I do to test an X-application under a non-root user.
    >> (I don't know and don't want to know the passwords of my users)

    >
    > You are only root at your system?


    No. So I could temporarily change the password of YourLogin on the
    target machine and then do a regular ssh like your first proposal.
    But that's ugly.

    I just want to drop root privileges and then invoke an X application.

    Helmut.

  4. Re: X11-forwarding after su

    On 2007-11-19, Helmut Jarausch wrote:

    > What can I do to test an X-application under a non-root user.
    > (I don't know and don't want to know the passwords of my users)


    Create a test user for which you don't mind knowing the password?

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  5. Re: X11-forwarding after su

    On 2007-11-19, Wolfgang Meiners wrote:

    > simply try ssh -X
    > or ssh -Y
    >
    > and then start the X application. With this, you can avoid problems with
    > xauth. Otherwise you should read man xauth and have a look at some
    > information how to transfer the mit-magic-cookie to the user
    >. I found some information at the debian documentation some
    > time ago, but i lost the links.



    It might look a bit like this if you run it from your own account
    and you can "sudo su" to the other account you want.


    #!/usr/bin/perl -w

    pipe(RH, WH) or die("pipe");
    $pid=fork();
    die("fork") unless (defined($pid));

    if ($pid) {
    close(RH);
    printf(WH "%s\n", $ENV{"DISPLAY"});
    open(STDOUT, ">&WH") or die("dup");
    exec("/usr/X11R6/bin/xauth", "nlist") or die("xauth");
    }

    open(STDIN, "<&RH") or die("dup");
    close(WH);
    exec("/usr/bin/sudo", "su", "-", "test", "-c",
    "id && read a && /usr/X11R6/bin/xauth nmerge - && DISPLAY=\$a xterm");


    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  6. Re: X11-forwarding after su

    Helmut Jarausch schrieb:
    > I just want to drop root privileges and then invoke an X application.


    well as root you could

    cp ~/.Xauthority /home//.Xauthority.root

    chown .Xauthority.root

    su -

    DISPLAY=localhost:10.0 XAUTHORITY=/home//.Xauthority.root\ xeyes

    I am not sure, if this is a good idea because you make the contents of
    roots .Xauthority available to .

    >
    > Helmut.


    Wolfgang

+ Reply to Thread