xpra icon
Bug tracker and wiki

Opened 3 years ago

Closed 2 years ago

#1214 closed defect (wontfix)

Administrative shadow

Reported by: psycho_zs Owned by: Antoine Martin
Priority: major Milestone: future
Component: android Version: trunk
Keywords: Cc:

Description

Please add the ability to shadow another user's session. Like:

xpra shadow ssh:adminuser@server:0 --xuser=someuser

AFAIK, the simplest way to do this: probe for $(getent passwd someuser | cut -d ':' -f 6)/.Xauthority. If access is denied, prompt for sudo password and try again with sudo.

Change History (3)

comment:1 Changed 3 years ago by Antoine Martin

Milestone: 0.18future

We already have some reliable code for checking access to the X11 server, but I don't think it is xpra's job to invoke sudo.
We would need to re-launch ourselves through sudo, which is also very hard to get right. Then should you (gk)sudo, or su or..

comment:2 Changed 3 years ago by psycho_zs

I've tested it this way:
'commonuser' runs X :0 session on 'server', 'adminuser' connects from 'client'

adminuser@server$ sudo setfacl -m u:adminuser:r /home/commonuser/.Xauthority
adminuser@server$ sudo ln -sf /home/commonuser/.Xauthority /home/adminuser/.Xauthority

adminuser@client$ xpra shadow ssh:adminuser@server:0

Shadow successfully connects to 'commonuser's X session.

So the only thing sudo is needed for - give access to magic cookie. Xpra and anything else can run from 'adminuser'.

comment:3 Changed 2 years ago by Antoine Martin

Resolution: wontfix
Status: newclosed

Closing as wontfix as this is not xpra's job to get access to other sessions: you should be using xauth for that.

Note: See TracTickets for help on using tickets.