X11 - X11 and su: How to ?

> SSH (Secure Shell) - Remote Access > X Windows System (commonly X or X11)

1 - About

After making a connection, you shows X windows by following for instance this article: X11 - How to display remote clients (such as firefox, installation screen) with the X Server CygwinX ?.

But when you change of user with the su command, you got .

su - oracle
Error: Can't open display:

There is no display You then go back to the original session, get the display, log as the other and set the display

>exit
logout
>echo $DISPLAY
localhost:10.0
>su - oracle
/home/oracle >export DISPLAY=localhost:10.0

But when trying to start a X windows, we get an authorization problem

/home/oracle >xlogo
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: Authorisation not recognised

Error: Can't open display: localhost:10.0

2 - The Solution

You need for each new su session to set:

  • the DISPLAY
  • and the authorization cookie
Advertising

3 - Example

  • From the original user, get the display
echo $DISPLAY
localhost:10.0
  • From the original user, get the magic cookie. This is the last on on the list
xauth list
euramsodw011.hotitem.local/unix:12  MIT-MAGIC-COOKIE-1  7bb18f920440391643b12a1467764e8e
euramsodw011.hotitem.local/unix:13  MIT-MAGIC-COOKIE-1  d6ac161e55a0a7c320908cd35d1b8391
euramsodw011.hotitem.local/unix:11  MIT-MAGIC-COOKIE-1  bae3fc9da4d089b69aa98a84238fc7bc
euramsodw011.hotitem.local/unix:10  MIT-MAGIC-COOKIE-1  937b307935d2485e773970b48bb21eaf

From my colleague, Pepijn Dekker, in order to get the cookie statement (with grep and awk)

xauth list | grep unix:`echo $DISPLAY | awk -F: '{print $2}' | awk -F. '{print $1}'` | awk '{print "xauth add " $0}'
xauth add euramsodw011.hotitem.local/unix:10  MIT-MAGIC-COOKIE-1  937b307935d2485e773970b48bb21eaf
  • su the user that you want to impersonate, set the display and add the cookie, start an x windows
su - oracle
export DISPLAY=localhost:10.0
xauth add euramsodw011.hotitem.local/unix:10  MIT-MAGIC-COOKIE-1  937b307935d2485e773970b48bb21eaf
xclock
  • And you see the xclock as the impersonate user

Advertising