|
Dimke Linux How-to - challenging: |
|
Title: |
Solution for xauth problem |
|
Challenge: |
Under some Debian-based Linux OS-es like Ubuntu or Raspbian you will run into problems, if you first switch the current user, and then, under the new user, you try to start a graphical, meaning GUI-based X11 application.
For examle, you try the following:
$ su - test1
Password:
$ firefox
Error: no DISPLAY environment variable specified
$ DISPLAY=':0.0' firefox
Authorization required, but no authorization protocol specified
So, why is this?
This does not work out of the box, because the x server is not configured to accept commands other than from the current user / session.
But, how to get around this?
|
|
Solution: |
There are at least two approaches, whereas the first one is to script-based get the DISPLAY variable, determine and merge "MIT magic cookie" and other fancy things, and hope it will work.
Well, better forget this, now!
Or, the way I took:
Use the Linux built-in "Pluggable Authentication Modules", "PAM", which does all the above automatically.
You can see what PAM is doing by opening a root shell and watch the su - target directory while logging into the same directory from a normal user via su - newuser.
As soon as su - newuser was successful, then there will be an authenticaion file ".xauth*" created in the target directory.
E.g. /home/newuser/.xauth8ZyUgc
This will be deleted on logoff.
What do you have to do to get this to work?
Simply add this line:
session optional pam_xauth.so
to your /etc/pam.d/su file
|
|
|