LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Windows of different users in one xsession? (https://www.linuxquestions.org/questions/linux-newbie-8/windows-of-different-users-in-one-xsession-4175471382/)

VolvoxNo9 07-29-2013 06:40 PM
Windows of different users in one xsession?
 
Hi

Is it possible to view and control windows of different users on one X session?

Example:

user1 logs in to kde and can now start using gui programs like "xcalc".

user1 can start up a terminal as well and run

su user2

Now being user2 he can try to start the gui program "kwrite",
but what I get then is this error message:

"bash-4.2$ kwrite
No protocol specified
kwrite: cannot connect to X server :0.0
bash-4.2$"

Is there a way to make this error message disappear and show the window of kwrite instead (run by user2) ? Then there would be windows of two different users visible and controllable (xcalc by user1 and kwrite by user2).

Yes, I know, I can start multiple xsessions in parallel and switch back and forth using ctrl+alt+F7 etc., but I wonder about having all windows on one screen.
Something similar to what I am looking for is the behavior of the ssh -Y command (in that case I also have windows of two different users (of two different computers even!) on my screen).


Thanks in advance

Volvox

lleb 07-29-2013 06:48 PM
yes you could use ssh -X or -Y to accomplish this, remember ssh does not care if you are local or remote.

jpollard 07-30-2013 04:57 AM
The reason su by itself cannot do it is because the ownership of the access keys to the display belong to user1. IF user2 could access them, it would work - but then the real user2 could ALSO access them, which would be a security failure.

The ssh technique works because a new key is given to user2 that only works through the ssh connection. When the user2 logs out (terminates the ssh link), that key becomes useless; so the real user2 is prevented from doing things to the display. He still can... but there are things that are blocked (such as starting a screensaver that would prevent user1 from doing anything at all). User1 IS still vulnerable, but not to trivial screen locking - the real user2 could log in and start a display/key/mouse tracking application for instance... But this gets cut off when the ssh session is terminated.

fogpipe 07-30-2013 05:44 AM
I think you can do this with xhost, take a look at the xhost man page.

jpollard 07-30-2013 06:22 AM
xhost would allow it... but only by opening up the display to EVERY user.

And the only way to stop a display/keyboard/mouse tracker/logger is to logout.

fogpipe 07-30-2013 06:33 AM
Actually the way im reading the xhost man page you can allow access by name, eg, someuser@somehost or

Check the NAMES section of the man page.

dt64 07-30-2013 07:44 AM
have a read here:
http://jianmingli.com/wp/?p=724
http://brakertech.com/xlib-putty-x11...col-attempted/
http://www.web-manual.net/linux-3/ho...ding-on-linux/

jpollard 07-30-2013 09:01 AM
Quote:
Originally Posted by fogpipe (Post 4999521)
Actually the way im reading the xhost man page you can allow access by name, eg, someuser@somehost or

Check the NAMES section of the man page.
ONLY when secure RPC is being used (on both ends)... AND you have an encrypted TCP connection.

Neither is commonly available. The need for an encrypted TCP connection is because the credentials are passed unencrypted...

Normally, the X tcp socket is not enabled either - due to the insecurity.

And if you notice - it still opens up the server to anything from user2.


All times are GMT -5. The time now is 12:46 PM.