Dimke Linux How-to - challenging:
Title: Solution for xauth problem
Challenge: Under some Debian-based Linux OS-es like Ubuntu or Raspbian you will run into problems, if you first switch the current user, and then, under the new user, you try to start a graphical, meaning GUI-based X11 application.

For examle, you try the following:
$ su - test1

$ firefox
Error: no DISPLAY environment variable specified

$ DISPLAY=':0.0' firefox
Authorization required, but no authorization protocol specified
So, why is this?

This does not work out of the box, because the x server is not configured to accept commands other than from the current user / session.

But, how to get around this?
Solution: There are at least two approaches, whereas the first one is to script-based get the DISPLAY variable, determine and merge "MIT magic cookie" and other fancy things, and hope it will work.
Well, better forget this, now!

Or, the way I took:

Use the Linux built-in "Pluggable Authentication Modules", "PAM", which does all the above automatically.
You can see what PAM is doing by opening a root shell and watch the su - target directory while logging into the same directory from a normal user via su - newuser.
As soon as su - newuser was successful, then there will be an authenticaion file ".xauth*" created in the target directory. E.g. /home/newuser/.xauth8ZyUgc This will be deleted on logoff.

What do you have to do to get this to work?

Simply add this line:
session         optional        pam_xauth.so
to your /etc/pam.d/su file
[Developer Root] [Main Page]