2009-11-27

sudo and xauth

Ok, last week I tried to switch my OpenSUSE system to use sudo rather than su for running things like YaST as root. This works relatively well, apart from the fact that I am not able to run X11 programs. My first guess was to edit the sudoers file so that the $DISPLAY does not get reset. So when I would do something like this:

$ sudo echo $DISPLAY

I would not get an empty line, but something like "localhost:10.0". However, this does not work. Would have been too easy. The problem here is that of course the xauth cookie gets in the way. X11 uses cookie based authentication, which is stored in a file in the user's home directory. After some googling I found out that an automatic xauth handling could be implemented in sudo using pam (pluggable authentication modules), but no one has done that so far. There are some people trying to do some magic tricks, involving the merging of root's and the user's xauth files, but I don't like that this needs so many commands and not only a simple sudo command anymore. If I find anything more simple, I will post it here...

UPDATE:

Well, one simple solution is as follows:

$ export XAUTHORITY=~/.Xauthority
$ sudo -E xeyes

Instead of using the -E flag (preserve environment), one could add DISPLAY and XAUTHORITY to the variables which are not reset in the /etc/sudoers file. Actually I think that is the most comfortable solution.

2 comments:

  1. export XAUTHORITY=~/.Xauthority

    your example (with $XAUTHORITY) gives an error for me

    ReplyDelete
  2. Yes, thanks. That was a typo.

    ReplyDelete