Steps to reproduce: 1) sudo apt-get install nodm 2) Configure /etc/default/nodm to something like $ cat /etc/default/nodm # nodm configuration # Set NODM_ENABLED to something different than 'false' to enable nodm NODM_ENABLED=true # User to autologin for NODM_USER=lindi # xinit program NODM_XINIT=/usr/bin/xinit # First vt to try when looking for free VTs NODM_FIRST_VT=7 # X session NODM_XSESSION=/etc/X11/Xsession # Options for the X server NODM_X_OPTIONS='vt7 -nolisten tcp' # If an X session will run for less than this time in seconds, nodm will wait an # increasing bit of time before restarting the session. NODM_MIN_SESSION_TIME=60 3) sudo /etc/init.d/nodm start 4) xclock 5) sudo -u nobody sh -c 'xclock' Expected results: 4) "lindi"'s xclock can connect to the X server since he is logged in. 5) "nobody"'s xclock can _not_ connect to the X server Actual results: 4) "lindi"'s xclock can connect to the X server since he is logged in. 5) "nobody"'s xclock can connect to the X server More info: 1) "ps f -eo user,cmd" shows that the -auth option is not passed to X: root /usr/sbin/nodm root \_ /usr/bin/xinit /usr/sbin/nodm -- vt8 vt7 -nolisten tcp root \_ X :0 vt8 vt7 -nolisten tcp lindi \_ /usr/sbin/nodm lindi \_ /bin/sh -l -c /etc/X11/Xsession lindi \_ icewm