LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-29-2013, 07:40 PM   #1
VolvoxNo9
LQ Newbie
 
Registered: Dec 2010
Posts: 6

Rep: Reputation: 0
Windows of different users in one xsession?


Hi

Is it possible to view and control windows of different users on one X session?

Example:

user1 logs in to kde and can now start using gui programs like "xcalc".

user1 can start up a terminal as well and run

su user2

Now being user2 he can try to start the gui program "kwrite",
but what I get then is this error message:

"bash-4.2$ kwrite
No protocol specified
kwrite: cannot connect to X server :0.0
bash-4.2$"

Is there a way to make this error message disappear and show the window of kwrite instead (run by user2) ? Then there would be windows of two different users visible and controllable (xcalc by user1 and kwrite by user2).

Yes, I know, I can start multiple xsessions in parallel and switch back and forth using ctrl+alt+F7 etc., but I wonder about having all windows on one screen.
Something similar to what I am looking for is the behavior of the ssh -Y command (in that case I also have windows of two different users (of two different computers even!) on my screen).


Thanks in advance

Volvox
 
Old 07-29-2013, 07:48 PM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
yes you could use ssh -X or -Y to accomplish this, remember ssh does not care if you are local or remote.
 
Old 07-30-2013, 05:57 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
The reason su by itself cannot do it is because the ownership of the access keys to the display belong to user1. IF user2 could access them, it would work - but then the real user2 could ALSO access them, which would be a security failure.

The ssh technique works because a new key is given to user2 that only works through the ssh connection. When the user2 logs out (terminates the ssh link), that key becomes useless; so the real user2 is prevented from doing things to the display. He still can... but there are things that are blocked (such as starting a screensaver that would prevent user1 from doing anything at all). User1 IS still vulnerable, but not to trivial screen locking - the real user2 could log in and start a display/key/mouse tracking application for instance... But this gets cut off when the ssh session is terminated.
 
Old 07-30-2013, 06:44 AM   #4
fogpipe
Member
 
Registered: Mar 2011
Distribution: Slackware 64 -current,
Posts: 550

Rep: Reputation: 194Reputation: 194
I think you can do this with xhost, take a look at the xhost man page.
 
Old 07-30-2013, 07:22 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
xhost would allow it... but only by opening up the display to EVERY user.

And the only way to stop a display/keyboard/mouse tracker/logger is to logout.
 
Old 07-30-2013, 07:33 AM   #6
fogpipe
Member
 
Registered: Mar 2011
Distribution: Slackware 64 -current,
Posts: 550

Rep: Reputation: 194Reputation: 194
Actually the way im reading the xhost man page you can allow access by name, eg, someuser@somehost or

Check the NAMES section of the man page.
 
Old 07-30-2013, 10:01 AM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
Quote:
Originally Posted by fogpipe View Post
Actually the way im reading the xhost man page you can allow access by name, eg, someuser@somehost or

Check the NAMES section of the man page.
ONLY when secure RPC is being used (on both ends)... AND you have an encrypted TCP connection.

Neither is commonly available. The need for an encrypted TCP connection is because the credentials are passed unencrypted...

Normally, the X tcp socket is not enabled either - due to the insecurity.

And if you notice - it still opens up the server to anything from user2.

Last edited by jpollard; 07-30-2013 at 10:02 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] what are files .xsession-errors and .xsession-errors.old can they be deleted? cliffm Linux - Newbie 2 10-20-2012 12:30 PM
LXer: Windows users face as many choices as Linux users LXer Syndicated Linux News 0 09-29-2010 02:10 PM
LXer: Ubuntu One taking care of Windows users ... not so much users of other Linux distributions LXer Syndicated Linux News 0 08-26-2010 10:30 PM
Unable to Login to XSession with non root users freedo5 Red Hat 6 01-12-2007 03:34 AM
Which file do I edit to change xsession settings for all users Abdul Linux - Software 1 09-12-2004 08:54 PM


All times are GMT -5. The time now is 01:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration