Home / server / Questions / 51005
Accepted
Phil
Asked: 2009-08-07 08:19:12 +0800 CST

how to use xauth to run graphical application via other user on linux

  • 772

My regular user account is, let's say, user1. I created separate user2 for some x application that i would like to run while being logged into x as user1 but in a way that will prevent it from read/write access to user1 data. I thought that i could use xauth and sudo/su to user2 from user1 to run this application. How do i do this? I'm not sure how to configure xauth.

linux sudo

10 Answers

  1. To use xauth selectively, as user1 run:

    xauth list|grep `uname -n`

    This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.

    As user2 set your display (assuming default case):

    DISPLAY=:0; export DISPLAY

    Then run:

    xauth add $DISPLAY . hexkey

    Note the dot after the $DISPLAY and before the hexkey.

    When access is no longer needed, as user2 you can run:

    xauth remove $DISPLAY
    • 41

  2. I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.

    • 15

  3. First: Don't use xhost +, it's rather insecure (blanket allow/deny).

    Rather use the X-Cookie mechanism:

    su user2
cp /home/user1/.Xauthority /home/user2/.Xauthority 
export DISPLAY=:0

    Alternatively, if you have sux installed, use that (see ehempel's answer).

    In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.

    Notes:

    • Depending on your file permissions, you might have to copy .Xauthority in some other way.
    • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.
    • 12

  4. Assuming debian or ubuntu (should be similar on Red Hat / SUSE).

    sudo apt-get install sux
sux user -c 'command'
    • 8

  5. This will fix the problem for all users:

    cat <<EOF > /etc/profile.d/xauth.sh
#!/sbin/bash
export XAUTHORITY=~/.Xauthority
EOF
    • 7

  6. As root:

    xhost local:yourusername

    Where yourusername is your user name :)

    Then do su as your user xclock should work if it's installed

    • 6

  7. Some other options:

    • xauth + (unsecure) (doesn't work on recent versions of xauth)
    • ssh -X user2@localhost (ugly, but might be simpler to get to work than direct authentication)
    • 2
  8. Best Answer

    I found something that works great for me on KDE

    kdesu -u username /path/to/program
    • 2

  9. This way made in suse/opensuse : http://www.novell.com/support/kb/doc.php?id=7003743

    Simply modifying the /etc/pam.d/su, adding the option (bold) :

    session optional pam_xauth.so systemuser=1

    Then you can switch with su without - :

    su user2

    and run the app graphically.

    • 0

  10. For GNOME (and without any desktop environment really, I use it with icewm only) gksu:

    gksu -u username program
    • -2