how to use xauth to run graphical application via other user on linux

Solution 1:

To use xauth selectively, as user1 run:

xauth list|grep `uname -n`

This prints the hexkey authorization entries for you . You could have different displays associated with those hosts as well.

As user2 set your display (assuming default case):

DISPLAY=:0; export DISPLAY

Then run:

xauth add $DISPLAY . hexkey

Note the dot after the $DISPLAY and before the hexkey.

When access is no longer needed, as user2 you can run:

xauth remove $DISPLAY

Solution 2:

I put in my .zshrc a line with export XAUTHORITY=~/.Xauthority and now I am able to execute sudo -E xcommand. After a lot of googling, for me this was the easiest way.


Solution 3:

First: Don't use xhost +, it's rather insecure (blanket allow/deny).

Rather use the X-Cookie mechanism:

su user2
cp /home/user1/.Xauthority /home/user2/.Xauthority 
export DISPLAY=:0

Alternatively, if you have sux installed, use that (see ehempel's answer).

In both cases user2 will use the secret cookie in .Xauthority to authorize to the X server, and no one else will have access to it.

Notes:

  • Depending on your file permissions, you might have to copy .Xauthority in some other way.
  • Instead of copying .Xauthority, you can also use xauth to extract and copy the authorization key (see Randall's answer). If you have multiple keys in the .Xauthority file this is more selective; otherwise it is a matter of taste.

Solution 4:

Assuming debian or ubuntu (should be similar on Red Hat / SUSE).

sudo apt-get install sux
sux user -c 'command'

Solution 5:

This will fix the problem for all users:

cat <<EOF > /etc/profile.d/xauth.sh
#!/sbin/bash
export XAUTHORITY=~/.Xauthority
EOF

Tags:

Linux

Sudo