> Is this some type of security feature
Yes.
> xhost +
This is, as mentioned a nice easy way of allowing anyone to open anything on
the display.
I suggest you only do this if it is a fairly brief time that you will spend
as another user - so do the xhost + just before you su, then do xhost - when
you have finished (so that access control is back again).
You can be a bit more restrictive with the xhost command by specifying the
host(s) that the other user can connect from: xhost +hostname
(You may find you can just do xhost hostname -I don't know how your
system may take the '+' before the hostname.)
This still allows anyone on that host to connect to your display (so you
it's still a good idea to do it just before you 'su' to that user, and
reset it when you are finished by xhost -hostname
> There is one more convoluted way of doing it ... using xauth
OK, the xauth command can do this, and it is not really that convoluted (at
least, not the way I normally do it).
1) Before you 'su', type xauth -this will take you to xauth 'command mode'
2) At the xauth prompt type list -you will get a list of currently
authorised display connections, along with their magic cookies.
3) Select the one which corresponds to your display (hostname:1 probably)
including the magic cookie (i.e. the whole line).
4) quit from xauth command mode (type quit at the xauth prompt).
5) Change to the other user id.
6) Type xauth (as the other user) -you will get authorisations for that user.
7) Type 'add ' and then paste in the line that you selected above.
8) Press return, and quit from xauth.
You should now find that the other user is the only one that is authorised
to connect to your display. This will remain so until you remove the
authorisation (using xauth remove - while at the xauth prompt type help and
you will see what you can do) for that user, or until the display closes.
Hope that helps!
======================================
Adrian Umpleby
[EMAIL PROTECTED]
http://wrench.et.ic.ac.uk/adrian/
======================================
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
