Where to change the default location of the .Xauthority file when logging in via ssh -X as a specific user

setra · Mar 4, 2014 · Viewed 14.8k times

I need to change the .Xauthority file location for a group of users to be $HOME/tmp/.Xauthority rather than the default $HOME/.Xauthority.

I already tried what I could pick up from several sources, like:

I set the environment variable in several files (/etc/.profile, .profile, .bashrc, etc.) with the following: XAUTHORITY=$HOME/tmp/.Xauthority

With the result of:

Any login attempt with a user of the sshx group (ssh -X server) results in a timeout locking $HOME/.Xauthority. It is like having changed nothing. What is interesting is that if I echo $XAUTHORITY it shows $HOME/tmp/.Xauthority. authx is working as well, but not at the time of login.

Therefore the processing I need must happen somewhere before ssh -X or while establishing the X connection. Where do I have to change it so that I can address a group of users only? I do not want root or users without the sshX group to be affected, since they eventually do not have the directory.

Answer

TheAmigo · Jan 27, 2016

The way I do it is to set XAUTHORITY=/tmp/Xauthority-username in ~/.ssh/environment, but that requires changing /etc/ssh/sshd_config to say PermitUserEnvironment yes.

I use /tmp because that keeps it local to each machine. With home directories on NFS, that becomes a bottleneck and causes race conditions where starting several apps simultaneously on multiple remote hosts can cause some to fail.
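An added example, not part of the original answer: a small audit of how PermitUserEnvironment is set and of what a user's ~/.ssh/environment asks for. sshd_config(5) warns that enabling environment processing may let users bypass access restrictions, and newer OpenSSH releases also accept a pattern list of variable names (here XAUTHORITY) instead of yes. The function names, the user alice and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample input below is constructed.

# Print the PermitUserEnvironment value from an sshd_config file.
# Keywords are case-insensitive, the first occurrence wins, default is "no".
# Assumption: Include files and Match blocks are not followed.
pue_value() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
         tolower(f[1]) == "permituserenvironment" { print f[2]; found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Classify the setting: disabled, any-variable (plain "yes"), or allowlist.
pue_mode() {
    case "$(pue_value "$1" | tr '[:upper:]' '[:lower:]')" in
        no)  echo disabled ;;
        yes) echo any-variable ;;  # every variable in ~/.ssh/environment is accepted
        *)   echo allowlist ;;     # only the listed variable names are accepted
    esac
}

# List variable names in an environment file other than XAUTHORITY.
unexpected_vars() {
    awk -F= '/^[ \t]*(#|$)/ { next } $1 != "XAUTHORITY" { print $1 }' "$1"
}

# Constructed samples: the setting from the answer, and a narrower one.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitUserEnvironment no' 'X11Forwarding yes' \
    'permituserenvironment yes' > "$demo/sshd_weak"
printf '%s\n' 'X11Forwarding yes' \
    'PermitUserEnvironment XAUTHORITY' > "$demo/sshd_strict"
printf '%s\n' '# constructed ~/.ssh/environment' \
    'XAUTHORITY=/tmp/Xauthority-alice' 'PATH=/home/alice/bin' > "$demo/environment"

echo "weak config:   $(pue_mode "$demo/sshd_weak")"
echo "strict config: $(pue_mode "$demo/sshd_strict")"
echo "variables beyond XAUTHORITY: $(unexpected_vars "$demo/environment")"
```

On a live host, `sshd -T` (run as root) prints the effective configuration, which covers Include files that this parser does not follow.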