[wplug] X11 and sudo

Brandon Poyner bpoyner at gmail.com
Wed Jan 24 15:25:21 EST 2007


On 1/24/07, Brandon Kuczenski <brandon at 301south.net> wrote:
> I want to run a command as another user via sudo,
>
> $ sudo -u joeuser xeyes
>
>   only when I do so the other user doesn't have authority to write to my
> display.  What's the easiest way to get around this?  I had a hunch it was
> something similar to
>
> $ xauth add :0.0 [something] [something]
>
> but I can't make much sense of the xauth man page. Magic cookies? eh?
>
> Thanks in advance,
> Brandon

You're going to have problems using 'sudo -u' and X11 forwarding as
sudo -u preserves the environment:

$ sudo su - amanda -c pwd
/var/lib/amanda
$ sudo -u amanda  pwd
/home/bpoyner

The magic cookie is stored in ~/.Xauthority and is mode 600, meaning
that joeuser won't be able to read it.  Here's an example of how to
make it work:

$ ssh myserver
[bpoyner@myserver ]$ xauth list
myserver/unix:10  MIT-MAGIC-COOKIE-1  8e349e31ed53a5616254448dcfe806ab
[bpoyner@myserver]$ sudo su - amanda
-bash-2.05b$ amplot /var/lib/amanda/daily/amdump.1
Displaying graph on the screen, <CR> for next graph

X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).

-bash-2.05b$ /usr/X11R6/bin/xauth add myserver/unix:10 MIT-MAGIC-COOKIE-1  8e349e31ed53a5616254448dcfe806ab
-bash-2.05b$ amplot /var/lib/amanda/daily/amdump.1

And then the amplot window opens.

-- 
Brandon
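
The cookie hand-off above, as an added example that is not part of the original message: it pipes the entry for a single display into the target user's authority file, so the cookie never appears on a command line or in shell history. The function name share_x_cookie and the use of `sudo -H` and `env -u XAUTHORITY` are assumptions of this example; whoever holds the cookie gets full access to that display.

```shell
#!/bin/sh
# Added example, not from the original post. share_x_cookie is a
# hypothetical helper name.
#
# Usage: share_x_cookie joeuser              (uses $DISPLAY)
#        share_x_cookie joeuser localhost:10.0

share_x_cookie() {
    target=$1
    dpy=${2:-$DISPLAY}

    if [ -z "$target" ] || [ -z "$dpy" ]; then
        echo "usage: share_x_cookie USER [DISPLAY]" >&2
        return 2
    fi

    # Stop early when our own authority file has no entry for this
    # display; there would be nothing to hand over.
    if [ -z "$(xauth list "$dpy" 2>/dev/null)" ]; then
        echo "share_x_cookie: no xauth entry for $dpy" >&2
        return 1
    fi

    # Extract only the entry for this display (not the whole
    # ~/.Xauthority) and merge it on the other side through a pipe.
    #   -H                 point HOME at the target user's home directory
    #   env -u XAUTHORITY  drop an inherited XAUTHORITY so xauth writes to
    #                      the target user's own file, not the caller's
    xauth extract - "$dpy" |
        sudo -H -u "$target" env -u XAUTHORITY xauth merge -
}
```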

