how to use xauth to run graphical application via other user on linux
To use xauth selectively, as user1 run:
xauth list|grep `uname -n`
This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.
As user2 set your display (assuming default case):
DISPLAY=:0; export DISPLAY
xauth add $DISPLAY . hexkey
Note the dot after the $DISPLAY and before the hexkey.
When access is no longer needed, as user2 you can run:
xauth remove $DISPLAY
I put in my
.zshrc a line with
export XAUTHORITY=~/.Xauthority and now I am able to execute
sudo -E xcommand. After a lot of googling, for me this was the easiest way.
First: Don't use
xhost +, it's rather insecure (blanket allow/deny).
Rather use the X-Cookie mechanism:
su user2 cp /home/user1/.Xauthority /home/user2/.Xauthority export DISPLAY=:0
Alternatively, if you have
sux installed, use that (see ehempel's answer).
In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.
- Depending on your file permissions, you might have to copy .Xauthority in some other way.
- Instead of copying
.Xauthority, you can also use
xauthto extract and copy the authorization key (see Randall's answer). If you have multiple keys in the
.Xauthorityfile this is more selective; otherwise it is a matter of taste.
Assuming debian or ubuntu (should be similar on Red Hat / SUSE).
sudo apt-get install sux sux user -c 'command'
This will fix the problem for all users:
cat <<EOF > /etc/profile.d/xauth.sh #!/sbin/bash export XAUTHORITY=~/.Xauthority EOF