I have two Linux desktop machines. My old one is a 486-66 running Red Hat 5.2. I can use su to become root or another user to my heart's content. My new system runs Mandrake 6.1 and has an AMD K-6, 450 MHz processor. Everything is a lot faster, but I can't su. Actually I can, but then I get an error message if I try to run any X11 application under my new temporary user identity. The error message says this:
Xlib: Connection to ":0.0" refused by
server Xlib: Client is not authorized to connect to server
Then come application-specific error messages, like this:
kmail: Cannot connect to server: 0
Please help! What's going on here? What do I need to do?
Serving Screens in Syracuse
I can easily tell you what's got your work at bay. The older system had a weaker security plan that allowed anyone on the system to use its X display. If you'd like to go back to those old days, darling, it's a snap. Just slip this into the startx script, and anyone with access to the system will be able to run the X applications:
Once upon a time, the old days allowed easy entrance into anyone's X desktop. If you ran the command xhost + you could let the whole Internet use your screen. Eeek! In fact, that's what xhost is for...think rhost. It says that this machine is okay; don't even bother asking it for an entrance pass.
Now I really must congratulate you, hon, on the wherewithal to create separate user IDs for all the hats you wear. Lots of system administrators talk about doing this but aren't actually, well, doing it. You get a cookie, dear. In fact, every time you start up X you get a cookie...an MIT-MAGIC-COOKIE-1 that is. In fact, it's entirely possible you'll receive a somewhat more secure and tasty XDM-AUTHORIZATION-1, but that depends on your distribution. How can you tell if you have an MIT or XDM cookie? Ask it!
The pantry your cookies are kept in is your ~/.Xauthority file. So, run strings to see the parts of it that are readable:
The results you'll get will look something like this:
MIT-MAGIC-COOKIE-1 mybox MIT-MAGIC-COOKIE-1 MIT-MAGIC-COOKIE-1
This bit of sugary snack (just a small check, are you the one that opened the X session) is what's preventing you from effectively using X. But, it's a ginger snap -- control your own cookie jar with xauth. Using these cookies is the only way to be sure you're safe on a multi-user system.
If you're becoming root, then fixing it is simply no problem. Set an environment variable named XAUTHORITY to point at the .Xauthority file from the user you started up X as. Since it already has the cookie in it, it will be perfectly correct. Next, copy the files, and if you're not becoming root, that'd be the best way to share them. You can generate your own, more secure cookie and use that instead:
xauth add :0 XDM-AUTHORIZATION-1 [put a whole lot of hex characters here... an even number of them]
...and then give that secure cookie to your other accounts:
xauth extract - :0 | ssh -l otherhat@localhost xauth merge -