Xpra: Ticket #1214: Administrative shadow

Please add the ability to shadow another user's session. Like:

xpra shadow ssh:adminuser@server:0 --xuser=someuser

AFAIK, the simplest way to do this: probe for $(getent passwd someuser | cut -d ':' -f 6)/.Xauthority. If access is denied, prompt for sudo password and try again with sudo.

Sat, 11 Jun 2016 15:44:12 GMT - Antoine Martin: milestone changed

We already have some reliable code for checking access to the X11 server, but I don't think it is xpra's job to invoke sudo. We would need to re-launch ourselves through sudo, which is also very hard to get right. Then should you (gk)sudo, or su or..

Sat, 11 Jun 2016 16:54:05 GMT - psycho_zs:

I've tested it this way: 'commonuser' runs X :0 session on 'server', 'adminuser' connects from 'client'

adminuser@server$ sudo setfacl -m u:adminuser:r /home/commonuser/.Xauthority
adminuser@server$ sudo ln -sf /home/commonuser/.Xauthority /home/adminuser/.Xauthority
adminuser@client$ xpra shadow ssh:adminuser@server:0

Shadow successfully connects to 'commonuser's X session.

So the only thing sudo is needed for - give access to magic cookie. Xpra and anything else can run from 'adminuser'.

Tue, 27 Sep 2016 09:09:27 GMT - Antoine Martin: status changed; resolution set

Closing as wontfix as this is not xpra's job to get access to other sessions: you should be using xauth for that.

Sat, 23 Jan 2021 05:18:06 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1214