From owner-freebsd-questions@FreeBSD.ORG  Fri Sep  5 15:08:24 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8F9AD16A4BF
	for <freebsd-questions@freebsd.org>;
	Fri,  5 Sep 2003 15:08:24 -0700 (PDT)
Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu
	[128.208.78.105])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BFD2F43FE5
	for <freebsd-questions@freebsd.org>;
	Fri,  5 Sep 2003 15:08:22 -0700 (PDT)
	(envelope-from kargl@troutmask.apl.washington.edu)
Received: from troutmask.apl.washington.edu (localhost [127.0.0.1])
	h85M8Muo060879;	Fri, 5 Sep 2003 15:08:22 -0700 (PDT)
	(envelope-from kargl@troutmask.apl.washington.edu)
Received: (from kargl@localhost)h85M8MbA060878;
	Fri, 5 Sep 2003 15:08:22 -0700 (PDT)
From: "Steven G. Kargl" <kargl@troutmask.apl.washington.edu>
Message-Id: <200309052208.h85M8MbA060878@troutmask.apl.washington.edu>
In-Reply-To: <20030905200737.GB45683@happy-idiot-talk.infracaninophile.co.uk>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Date: Fri, 5 Sep 2003 15:08:22 -0700 (PDT)
X-Mailer: ELM [version 2.4ME+ PL99f (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
cc: freebsd-questions@freebsd.org
Subject: Re: PAM, X11, and su as a normal user?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Sep 2003 22:08:24 -0000

Matthew Seaman wrote:
> On Fri, Sep 05, 2003 at 12:18:40PM -0700, Steven G. Kargl wrote:
> > After a few hours of frustation, it's time to ask a question.
> > 
> > I have 2 accounts on my machine.  I use startx to start
> > X11 as user kargl.  If I then su to user sgk, I cannot
> > fire up X clients.  For example,
> > 
> > troutmask:kargl[202] su sgk
> > Password:
> > troutmask:sgk[201] gnuplot
> > Terminal type set to 'x11'
> > gnuplot> plot sin(x)
> > gnuplot> 
> > gnuplot: unable to open display 'troutmask.apl.washington.edu:0'
> > gnuplot: X11 aborted.
> > 
> > I've tried using "xhost sgk@", but this doesn't work.
> > The only thing I can think of that may need to be
> > configured is PAM, but the documentation is rather
> > incomplete.  So, anyone know how to setup su to
> > permit sgk to use X clients?
> 
> As user kargl:
> 
>     % xauth nextract /tmp/foo ${DISPLAY}
> 
> As user sgk:
> 
>     % xauth nmerge /tmp/foo
> 
> and remember to delete /tmp/foo as soon as possible.
> 

I still get the above results with gnuplot after issuing the
two xauth commands you give above.  If I use "xauth list"
with as both users the entry for $DISPLAY shows the same key. 

troutmask:sgk[246] xauth list
troutmask.apl.washington.edu:0  MIT-MAGIC-COOKIE-1  some_long_string
troutmask:kargl[245] xauth list
troutmask.apl.washington.edu:0  MIT-MAGIC-COOKIE-1  some_long_string


I suspect that I need to add something to /etc/pam.d/{su,system,xserver},
but I can't locate adequate documentation.

-- 
Steve
http://troutmask.apl.washington.edu/~kargl/