5

I'm trying to use x11vnc to allow users to remote control certain computers. This works fine in general, but there is one aspect I have trouble implementing. I want to restrict access to a specific user account, but the user that the X11 session belongs to is a different one.

So the situation is:

  • User A is logged in at the computer
  • User B starts x11vnc manually from the shell
  • VNC-client V connects from somewhere to it

The problem is that I can only start x11vnc as root or as the currently logged in user, it doesn't work as any other user. Is there any way to allow a specific user to access my X11 session?

Alex Stragies
  • 5,857
  • 2
  • 32
  • 56
Mad Scientist
  • 1,246
  • 3
  • 12
  • 17

2 Answers2

5

X displays are protected by a "key" which you need to give in order to be able to connect. That key will generally be stored in the user's ~/.Xauthority file.

To allow someone else's application (like x11vnc) to connect to his DISPLAY, a user has to give him that key or grant him access to his ~/.Xauthority file. You can retrive the key of your display by doing.

xauth list "$DISPLAY"

You can grant access to your ~/.Xauthority by changing its permissions (group ownership or ACLs).

The other user can specify which authority file to use via the XAUTHORITY environment variable, or add a key to a specific display to his own ~/.Xauthority using xauth add.

Stéphane Chazelas
  • 522,931
  • 91
  • 1,010
  • 1,501
2

If your problem is that x11vnc can't even launch because it doesn't have access to the X session, you need to grant access to the other user with xhost +SI:localuser:other_username before starting x11vnc as the other user.

The title of the question makes it sound like you want to restrict access to the VNC server though.

Janus Troelsen
  • 1,463
  • 1
  • 15
  • 27