how to use xauth to run graphical application via other user on linux
Solution 1:
To use xauth selectively, as user1 run:
xauth list|grep `uname -n`
This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.
As user2 set your display (assuming default case):
DISPLAY=:0; export DISPLAY
Then run:
xauth add $DISPLAY . hexkey
Note the dot after the $DISPLAY and before the hexkey.
When access is no longer needed, as user2 you can run:
xauth remove $DISPLAY
Solution 2:
I put in my .zshrc
a line with export XAUTHORITY=~/.Xauthority
and now I am able to execute sudo -E xcommand
. After a lot of googling, for me this was the easiest way.
Solution 3:
First: Don't use xhost +
, it's rather insecure (blanket allow/deny).
Rather use the X-Cookie mechanism:
su user2
cp /home/user1/.Xauthority /home/user2/.Xauthority
export DISPLAY=:0
Alternatively, if you have sux
installed, use that (see ehempel's answer).
In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.
Notes:
- Depending on your file permissions, you might have to copy .Xauthority in some other way.
- Instead of copying
.Xauthority
, you can also usexauth
to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the.Xauthority
file this is more selective; otherwise it is a matter of taste.
Solution 4:
Assuming debian or ubuntu (should be similar on Red Hat / SUSE).
sudo apt-get install sux
sux user -c 'command'
Solution 5:
This will fix the problem for all users:
cat <<EOF > /etc/profile.d/xauth.sh
#!/sbin/bash
export XAUTHORITY=~/.Xauthority
EOF