Graphical Environment Guide
Chapter 4, Running remote programs
Step 5: Sharing authorization records with other users

Step 5: Sharing authorization records with other users

To allow other users to access your display, transfer the authorization record that scologin generates for your X server from your $HOME/.Xauthority file into the $HOME/.Xauthority file of the other users.

Although it is easy to give other users copies of your $XAUTHORITY file, this practice is not recommended, especially if the file needs to be transferred over a network. Preferred practice is to run xauth to extract the authorization record for a specific display and merge it into another user's authorization file.

First, list the servers for which you have authorization by running the following command:

xauth list

Note that each line starts with a display name in the following format:

hostname:display_number

To extract the authorization record, run the following command:

xauth extract tempfile displayname

Be sure displayname matches the string displayed by the xauth list command. tempfilename is a file that you and other users have agreed to use.

If the other users are going to merge the authorization record into their authorization files themselves, be sure to set tempfilename's permissions so that the other users can access it.

The other users can now merge the authorization record in tempfilename into their own authorization files, or you can do it for them as root, with the following command:

xauth merge tempfilename

When the other users have merged the authorization record into their authorization files, delete tempfilename.

If you do not want to create the temporary file, tempfilename, you can use a pipe to redirect the authorization record from the xauth extract command to the xauth merge command as follows:

xauth extract - displayname|xauth -f authfile merge -

The dashes in each xauth command cause output to be directed to standard output instead of to a file, and for input to come from standard input instead of from a file. In this case, authfile is the pathname of the other user's authorization file. You must have read and write permission to authfile for this command to work.

You can use a similar command line to share authorization records across the network. For example, if you log in on boston and want to give your server's authorization record to your account on tusconey, execute the following command on boston:

xauth extract - boston:0|rcmd tusconey /usr/bin/X11/xauth merge -

See also: