[wplug] X11 and sudo
Brandon Poyner
bpoyner at gmail.com
Wed Jan 24 15:25:21 EST 2007
On 1/24/07, Brandon Kuczenski <brandon at 301south.net> wrote:
> I want to run a command as another user via sudo,
>
> $ sudo -u joeuser xeyes
>
> only when I do so the other user doesn't have authority to write to my
> display. What's the easiest way to get around this? I had a hunch it was
> something similar to
>
> $ xauth add :0.0 [something] [something]
>
> but I can't make much sense of the xauth man page. Magic cookies? eh?
>
> Thanks in advance,
> Brandon

You're going to have problems using 'sudo -u' and X11 forwarding as
sudo -u preserves the environment:

$ sudo su - amanda -c pwd
/var/lib/amanda
$ sudo -u amanda pwd
/home/bpoyner

The magic cookie is stored in ~/.Xauthority and is mode 600, meaning
that joeuser won't be able to read it. Here's an example of how to
make it work:

$ ssh myserver
[bpoyner at myserver ]$ xauth list
myserver/unix:10 MIT-MAGIC-COOKIE-1 8e349e31ed53a5616254448dcfe806ab
[bpoyner at myserver]$ sudo su - amanda
-bash-2.05b$ amplot /var/lib/amanda/daily/amdump.1
Displaying graph on the screen, <CR> for next graph
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
-bash-2.05b$ /usr/X11R6/bin/xauth add myserver/unix:10 MIT-MAGIC-COOKIE-1 8e349e31ed53a5616254448dcfe806ab
-bash-2.05b$ amplot /var/lib/amanda/daily/amdump.1

And then the amplot window opens.

--
Brandon
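
Added example, not part of the original message: one way to hand the target user only the cookie for the current display, passing it over a pipe instead of typing it as an xauth argument (where it shows up in shell history and the process list). The function names cookie_cmds and share_display are hypothetical, the sample values used to exercise it are constructed, and it assumes a MIT-MAGIC-COOKIE-1 key is 32 hex digits.

```shell
#!/bin/sh
# Added example: copy one display's X11 cookie to another account.

# Read `xauth list` output on stdin and print an xauth "add" command
# for each valid MIT-MAGIC-COOKIE-1 entry of the given display number.
cookie_cmds() {
    want=$1                      # display number without the colon, e.g. 10
    while read -r name proto key; do
        case $name in
            *:"$want") ;;        # entry belongs to the wanted display
            *) continue ;;
        esac
        [ "$proto" = "MIT-MAGIC-COOKIE-1" ] || continue
        # Assumption: the key is 128 bits, i.e. exactly 32 hex digits.
        # Anything else is skipped rather than passed on.
        case $key in
            *[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#key}" -eq 32 ] || continue
        printf 'add %s %s %s\n' "$name" "$proto" "$key"
    done
}

# Give user $1 the cookie for the display named in $DISPLAY.
# -H points HOME at the target user's home and XAUTHORITY is unset, so
# xauth writes to that user's own ~/.Xauthority, not the caller's file.
share_display() {
    user=$1
    num=${DISPLAY##*:}           # localhost:10.0 -> 10.0
    num=${num%%.*}               # 10.0 -> 10
    xauth list | cookie_cmds "$num" |
        sudo -H -u "$user" sh -c 'unset XAUTHORITY; exec xauth -q source -'
}
```

After `share_display joeuser`, an X client started as joeuser with the same DISPLAY value can authenticate; `xauth remove` run as that user with the entry's display name takes the cookie away again.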